[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnu-radius] Framed-IP-Address
From: |
Fletcher Mattox |
Subject: |
Re: [Help-gnu-radius] Framed-IP-Address |
Date: |
Thu, 3 Nov 2005 14:40:44 -0600 |
Sergey writes:
> Fletcher Mattox <address@hidden> wrote:
>
> > Hi,
> >
> > I'm new here. I am trying to pass the framed ip address to
> > Exec-Program-Wait
> > with an entry like this in my users file:
> [...]
> > While the other parameters are passed correctly, %C{Framed-IP-Address}
> > shows up as 0. What am I missing?
>
> You did everything right. What happens is that your NAS does not send
> this attribute with Access-Request packets.
That's a shame. The NAS is a Cisco 3000 VPN Concentrator. I want to make
an authentication decision based on this IP address. I notice that it
*does* send it in an accounting packet one second later, because radiusd
logs it in /var/log/radacct/1.2.3.4/detail, and because it appears in
radutmp and radwtmp. Can you think of any clever way I can use this
information for authentication? I *might* be able to simply run radwho
from the Exec-Program-Wait program, but I fear that radutmp will not
have been updated at that time.
Also, I will ask Cisco if the Framed-IP-Address can somehow be included
in the Access-Request packet, but I fear they will say no.
Thanks, Sergey, for your quick response,
Fletcher