[RADIATOR] Dynamic handler generation for NAS-IP-Address criteria

Heikki Vatiainen hvn at open.com.au
Thu Sep 4 03:18:21 CDT 2014


On 09/04/2014 07:14 AM, Arya, Manish Kumar wrote:

>    I have about 2000 Juniper MX devices in our network, but these
> devices are not having continuous IP addresses. They are scattered in a
> /16 network and frequently more devices are added to this pool.
> 
> So I cannot use pattern based handler for this solution. I had thought
> of generating dynamic handler for each IP using _some_ perl script.

You could try this: Group the clients with identifiers and use the
identifier to select the correct Handler. Something like this:

<Handler Client-Identifier=group1>
....

<ClientListLDAP>
     ...
     ClientAttrDef RadiusClientIdentifier, Identifier
     ...

The RadiusClientIdentifier value in LDAP for some devices would be
'group1', 'group2' for some others, etc.

You may need to add an attribute in the LDAP schema for setting the
identifier, but I think this would be a better solution than creating
Handlers dynamically.

Thanks,
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
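
Added example, not part of the original message and not Radiator code: a small Python audit of the grouping approach described above, which reports which Handler group each client falls into and which clients have a missing or unmatched identifier. It assumes the client entries have already been exported from LDAP into dictionaries; the `address` key, the sample addresses and the handler set are constructed for illustration.

```python
# Simplified model of selecting a Handler by client group identifier rather
# than by address. Only RadiusClientIdentifier comes from the message above;
# the "address" key and all sample values are constructed for this example.

SAMPLE_CLIENTS = [
    {"address": "10.20.3.17", "RadiusClientIdentifier": "group1"},
    {"address": "10.20.77.4", "RadiusClientIdentifier": "group2"},
    {"address": "10.20.140.9", "RadiusClientIdentifier": "group1"},
    {"address": "10.20.201.33"},                                     # identifier never set
    {"address": "10.20.9.250", "RadiusClientIdentifier": "gruop2"},  # typo in the directory
]

# Identifiers for which a <Handler Client-Identifier=...> is configured (constructed).
HANDLER_IDENTIFIERS = {"group1", "group2"}


def audit_clients(clients, handler_ids):
    """Return (by_handler, unassigned, unknown) for a list of client entries.

    by_handler: identifier -> addresses that would select that Handler
    unassigned: addresses whose entry has no identifier at all
    unknown:    identifier -> addresses whose identifier matches no Handler
    """
    by_handler = {ident: [] for ident in sorted(handler_ids)}
    unassigned, unknown = [], {}
    for entry in clients:
        ident = entry.get("RadiusClientIdentifier", "").strip()
        if not ident:
            unassigned.append(entry["address"])
        elif ident in by_handler:
            by_handler[ident].append(entry["address"])
        else:
            unknown.setdefault(ident, []).append(entry["address"])
    return by_handler, unassigned, unknown


if __name__ == "__main__":
    by_handler, unassigned, unknown = audit_clients(SAMPLE_CLIENTS, HANDLER_IDENTIFIERS)
    for ident, addrs in by_handler.items():
        print(f"Handler Client-Identifier={ident}: {len(addrs)} client(s)")
    for addr in unassigned:
        print(f"no identifier set: {addr}")
    for ident, addrs in unknown.items():
        print(f"identifier '{ident}' matches no Handler: {', '.join(addrs)}")
```

Run against a real export, a check like this catches newly added devices that would not select any of the group Handlers.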

