Re: [Help-gnu-radius] Framed-IP-Address

help-gnu-radius

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] Framed-IP-Address

From:	Fletcher Mattox
Subject:	Re: [Help-gnu-radius] Framed-IP-Address
Date:	Thu, 3 Nov 2005 14:40:44 -0600

Sergey writes:
> Fletcher Mattox <address@hidden> wrote:
> 
> > Hi,
> > 
> > I'm new here.  I am trying to pass the framed ip address to 
> > Exec-Program-Wait
> > with an entry like this in my users file:
> [...]
> > While the other parameters are passed correctly, %C{Framed-IP-Address}
> > shows up as 0.  What am I missing?
> 
> You did everything right. What happens is that your NAS does not send
> this attribute with Access-Request packets.

That's a shame.  The NAS is a Cisco 3000 VPN Concentrator.  I want to make
an authentication decision based on this IP address.  I notice that it
*does* send it in an accounting packet one second later, because radiusd
logs it in /var/log/radacct/1.2.3.4/detail, and because it appears in
radutmp and radwtmp.  Can you think of any clever way I can use this
information for authentication?  I *might* be able to simply run radwho
from the Exec-Program-Wait program, but I fear that radutmp will not
have been updated at that time.

Also, I will ask Cisco if the Framed-IP-Address can somehow be included
in the Access-Request packet, but I fear they will say no.

Thanks, Sergey, for your quick response,

Fletcher

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnu-radius] Framed-IP-Address, Fletcher Mattox, 2005/11/03
- Re: [Help-gnu-radius] Framed-IP-Address, Sergey Poznyakoff, 2005/11/03
  - Re: [Help-gnu-radius] Framed-IP-Address, Fletcher Mattox <=
    - Re: [Help-gnu-radius] Framed-IP-Address, Sergey Poznyakoff, 2005/11/04

Prev by Date: Re: [Help-gnu-radius] Framed-IP-Address
Next by Date: Re: [Help-gnu-radius] Framed-IP-Address
Previous by thread: Re: [Help-gnu-radius] Framed-IP-Address
Next by thread: Re: [Help-gnu-radius] Framed-IP-Address
Index(es):
- Date
- Thread