[RADIATOR] Dynamic handler generation for NAS-IP-Address criteria
Arya, Manish Kumar
m.arya at yahoo.com
Wed Sep 3 23:14:53 CDT 2014
Hi,
I have about 2000 Juniper MX devices in our network, but these devices do not have continuous IP addresses. They are scattered in a /16 network, and more devices are frequently added to this pool.
So I cannot use a pattern-based handler for this solution. I had thought of generating a dynamic handler for each IP using _some_ Perl script.
<Handler NAS-IP-Address=/10\.91\.114\.122/>
AuthLog auth_log
AuthBy juniper_auth
</Handler>
Has someone developed a configuration for such a requirement?
I am already adding clients from LDAP every 90 min in RADIUS using the following; I want to do something similar for handlers:
<ClientListLDAP>
Host 127.0.0.1
Port 389
AuthDN uid=xxxxxxx
AuthPassword xxxxxxx
BaseDN ou=xxxxx
Scope subtree
SearchFilter (|(RadiusClientIp=*)(remoteradiusip=*))
RefreshPeriod 900
ClientAttrDef remoteradiusip,Name
ClientAttrDef remoteradiussecret,Secret
ClientAttrDef RadiusClientip,Name
ClientAttrDef RadiusClientSecret,Secret
ClientAttrDef RadiusClientDupInterval,DupInterval
#Debug 255
</ClientListLDAP>
I cannot use realm criteria because user length cannot exceed 8 characters, and I cannot use NAS-Identifier either because this is different for each device depending upon datacenter, customer and country.
Regards,
-Manish
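
An added example, not part of the original post and not Radiator's own code: one way to generate the per-device Handler clauses from an inventory list. It anchors each pattern with ^ and $, because the unanchored /10\.91\.114\.122/ form also matches 110.91.114.122, and it refuses any entry that is not a plain IPv4 address inside the pool. The pool 10.91.0.0/16 (inferred from the sample address), the inventory format and all function names are assumptions.

```python
import ipaddress
import re

# Assumption: the /16 from the post, inferred from its sample address.
POOL = ipaddress.ip_network("10.91.0.0/16")

def nas_regex(ip):
    """Anchored pattern so one device's address cannot match another's."""
    return "^" + re.escape(str(ip)) + "$"

def handler_for(ip):
    # AuthLog and AuthBy identifiers are the ones used in the post.
    return (f"<Handler NAS-IP-Address=/{nas_regex(ip)}/>\n"
            "    AuthLog auth_log\n"
            "    AuthBy juniper_auth\n"
            "</Handler>\n")

def generate(lines):
    """Return (config_text, rejected) for an iterable of inventory lines."""
    accepted, rejected = set(), []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # allow trailing comments
        if not entry:
            continue
        try:
            ip = ipaddress.IPv4Address(entry)
        except ipaddress.AddressValueError:
            rejected.append(entry)   # never copy unparsed text into the config
            continue
        if ip in POOL:
            accepted.add(ip)         # the set drops duplicate entries
        else:
            rejected.append(entry)   # valid address, but outside the pool
    config = "".join(handler_for(ip) for ip in sorted(accepted))
    return config, rejected

# Constructed sample inventory; only the first address appears in the post.
SAMPLE = [
    "10.91.114.122",
    "10.91.7.5   # constructed entry",
    "10.91.114.122",
    "10.92.0.1",
    "10.91.300.1",
    "10.91.1.1/24",
]

if __name__ == "__main__":
    text, bad = generate(SAMPLE)
    print(text, end="")
    print("# rejected:", ", ".join(bad))
```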