(RADIATOR) NAS IP check within a realm

Hugh Irvine hugh at open.com.au
Wed Aug 25 17:17:48 CDT 2004 

Hello Judy -

Try something like this:

<Realm gem>
        RewriteUsername s/^([^@]+).*/$1/

       AuthByPolicy ContinueWhileAccept

       <AuthBy FILE>
             Filename %D/check.nas
       </AuthBy>

        <AuthBy RADIUS>
                Host a.domain
                Secret xxxxx
        </AuthBy>
        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail
</Realm>

The contents of the file check.nas (in the directory pointed to by %D) 
would look like this:

# reject 10.10.10.10, accept everything else

DEFAULT NAS-IP-Address = 10.10.10.10, Auth-Type = Reject
DEFAULT Auth-Type = Accept


Hope that helps.

regards

Hugh


On 26 Aug 2004, at 07:19, Judy Angel wrote:

>
> The following realm works fine.
> I would like to add a check to say that if the NAS-IP-ADDRESS is NOT = 
> 10.10.10.10, carry on with the AuthBy otherwise return an error.
>
> Is that possible, in a realm or a handler ?
>
> Thanks
>
> Judy Angel
> University of Hertfordshire
>
> <Realm gem>
>        RewriteUsername s/^([^@]+).*/$1/
>        <AuthBy RADIUS>
>                Host a.domain
>                Secret xxxxx
>        </AuthBy>
>        # Log accounting to the detail file in LogDir
>        AcctLogFileName %L/detail
> </Realm>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list