Linux – Freeradius: Assign Group to User based on Nas-IP-Address


I wonder if anyone can help me.

The goal is to assign different users different IP addresses based on the AP they connect to. I cannot statically set this as users will travel and end up connecting via a different AP.

So I wanted to do a check to see if I can match the NAS IP and then assign that user to a group, which in turn, the group will allocate the correct IP Pool.

I've done quite a bit of research and it seems to be as simple as adding it to the radgroupcheck table. Like such:

 id | groupname |   attribute    |   value    | op 
----+-----------+----------------+------------+----
  1 | Group1    | Nas-IP-Address | x.x.x.x    | ==
  4 | Group1    | Pool-Name      | POOL1      | :=

However, in the radius -X output I do not even see it attempting to check the group.

It seems to check the radusergroup table, but there is nothing in there due to the fact I need to set the user group dynamically based on location.

Any help would be appreciated.

Thanks

Rob

Best Answer

I think you should be able to use NAS Huntgroups to do what you're attempting to do.

Following the example, create the table:

CREATE TABLE radhuntgroup (
    id int(11) unsigned NOT NULL auto_increment,
    groupname varchar(64) NOT NULL default '',
    nasipaddress varchar(15) NOT NULL default '',
    nasportid varchar(15) default NULL,
    PRIMARY KEY  (id),
    KEY nasipaddress (nasipaddress)
) ;

Add in your NAS addresses:

INSERT INTO radhuntgroup (groupname, nasipaddress) VALUES ("Nas_1", "192.168.0.10");
INSERT INTO radhuntgroup (groupname, nasipaddress) VALUES ("Nas_2", "192.168.1.10");

Then in the authorize {} section, you'd add this code:

update request {
    Huntgroup-Name := "%{sql:SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}'}"
}

You can then add in lines in the radgroupcheck table to check other values (if needed), or just the radgroupreply table where you can assign them a specific pool.
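
As an added example (not part of the original answer), these rows tie the huntgroups above to the question's group and pool, and the final query previews which pool a given user and NAS IP would resolve to. It assumes the default FreeRADIUS MySQL schema for radusergroup and radgroupcheck; the user `rob`, `Group2` and `POOL2` are constructed sample values.

```sql
-- Constructed sample data. Assumes the default FreeRADIUS MySQL schema
-- (radusergroup, radgroupcheck) plus the radhuntgroup table created above.

-- The travelling user is a member of every location group;
-- priority sets the order in which the groups are evaluated.
INSERT INTO radusergroup (username, groupname, priority) VALUES
    ('rob', 'Group1', 1),
    ('rob', 'Group2', 2);

-- Each group matches only when the request carries the corresponding
-- Huntgroup-Name, and sets the pool as a control item (as in the question).
INSERT INTO radgroupcheck (groupname, attribute, op, value) VALUES
    ('Group1', 'Huntgroup-Name', '==', 'Nas_1'),
    ('Group1', 'Pool-Name',      ':=', 'POOL1'),
    ('Group2', 'Huntgroup-Name', '==', 'Nas_2'),
    ('Group2', 'Pool-Name',      ':=', 'POOL2');

-- Offline preview of the mapping: for one user and one NAS IP, show the
-- huntgroup the IP belongs to, the group whose check matches, and its pool.
SELECT ug.username,
       hg.nasipaddress,
       hg.groupname AS huntgroup,
       ug.groupname AS matched_group,
       p.value      AS pool
FROM radusergroup ug
JOIN radgroupcheck c
     ON c.groupname = ug.groupname
    AND c.attribute = 'Huntgroup-Name'
    AND c.op = '=='
JOIN radhuntgroup hg
     ON hg.groupname = c.value
JOIN radgroupcheck p
     ON p.groupname = ug.groupname
    AND p.attribute = 'Pool-Name'
WHERE ug.username = 'rob'
  AND hg.nasipaddress = '192.168.1.10'
ORDER BY ug.priority
LIMIT 1;
```

An empty result from the preview query means the NAS IP is missing from radhuntgroup or no group the user belongs to checks for that huntgroup.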