Syed Jahanzaib

Reputation: 246

FreeRADIUS allow requests based on NAS-IDENTIFIER

I am running FreeRADIUS Version 2.2.8. All of my NAS clients are on dynamic IP addresses from different ISPs. Therefore, I would like to allow requests based on NAS-Identifier rather than NAS IP.

Appreciate if someone can post hints or examples.

Upvotes: 0

Views: 1315

Answers (1)

Arran Cudbard-Bell

Reputation: 6065

This is not possible with FreeRADIUS v3.0.x, as all clients are indexed on either IPv4 or IPv6 address, and FreeRADIUS does not decode packets until it has found a valid client.

FreeRADIUS v4.0.x will likely support this, but the work hasn't been completed yet as far as I'm aware.

Your main options are:

  • Define a client for 0.0.0.0/0 and use the same shared secret everywhere.
  • Colocate a RADSEC (RADIUS over TLS) Proxy on the same box as the access points, or in the same network, and use that to wrap the UDP RADIUS packets.
  • Buy NAS with RADSEC support built in.

Upvotes: 1
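
A configuration sketch of the first option (a catch-all client with one shared secret), combined with a NAS-Identifier allow-list in `authorize`. This is an added example, not part of the answer above; it targets the asker's v2.2.x syntax, and the client name, secret and identifier values are constructed placeholders. It assumes the stock `always reject` module instance is enabled and that every NAS sends Message-Authenticator.

```conf
# --- clients.conf (FreeRADIUS 2.2.x syntax) ---
# Catch-all client: any source IPv4 address is accepted as a client,
# so the shared secret is the only thing standing between the
# Internet and the server. Use a long random value.
client any-nas {
    ipaddr    = 0.0.0.0
    netmask   = 0
    secret    = REPLACE_WITH_LONG_RANDOM_SECRET   # placeholder
    shortname = any-nas
    nastype   = other

    # Discard Access-Requests that carry no valid Message-Authenticator,
    # so only senders holding the secret get their packets processed.
    require_message_authenticator = yes
}

# --- sites-available/default ---
authorize {
    # NAS-Identifier allow-list (constructed example values).
    # The attribute is only available here, after the client lookup
    # by source IP has already succeeded.
    if (!NAS-Identifier) {
        reject
    }
    elsif (NAS-Identifier !~ /^(branch-ap-01|branch-ap-02)$/) {
        reject
    }

    # ... existing authorize modules (preprocess, files, sql, ...) ...
}
```

NAS-Identifier is chosen by the sender, and with one secret shared by every NAS any device holding that secret can present any identifier, so the allow-list filters requests but does not authenticate an individual NAS. The RADSEC options in the answer give per-device identity through TLS certificates.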
