I have to filter NASes to use different auth profiles for different types of devices for the same user. The only acceptable attribute I have is "Client-Shortname" (FreeRADIUS) or "NAS Shortname" (daloRADIUS) - but I see no way to configure such kind of filter with daloRADIUS interface.
Is it possible at all with daloRADIUS?
Best regards,
Cyril
Hi Cyril, daloRADIUS reads its available attributes from the database, so if there's an attribute you need which is not supported out of the box you can simply use some db management tool to connect to it and insert a new attribute setup.
Looks like I was not clear. For FreeRADIUS we have run-time variable "Client-Shortname" which is (I suppose) represented as "NAS shortname" in daloRADIUS. These are not standard RADIUS attributes - and it looks like I cannot use it as "check attributes" in profile.
I am not sure if I can add corresponding attribute directly to database without changing daloRADIUS logic.
Best regards,
Cyril
It seems like the question here is about using standard attributes which
FreeRADIUS and daloRADIUS would understand, right?
If that's the case you need to walk 2 paths:
1. For daloRADIUS to automatically provide you with the attributes in
drop-down and such you need to import the custom attribute dictionary to
the database using dalo's web interface.
2. For FreeRADIUS to support and understand your custom attributes when
you use them in check/reply sections then you need to import the dictionary
to FR itself. There are simple docs for that so I'm sure you'll be ok.
> Looks like I was not clear. For FreeRADIUS we have run-time variable
> "Client-Shortname" which is (I suppose) represented as "NAS shortname" in
> daloRADIUS. These are not standard RADIUS attributes - and it looks like I
> cannot use it as "check attributes" in profile.
> I am not sure if I can add corresponding attribute directly to database
> without changing daloRADIUS logic.
Maybe my English is not good enough - so misunderstanding goes on... Let me try once again.
When user creates NAS object in daloRADIUS there is a field 'NAS Shortname' to fill. In FreeRADIUS there is runtime variable 'Client-Shortname' with similar purpose - You can assign it to NAS when You register it in FreeRADIUS. These are not standard RADIUS attributes and used for comfort and simplicity.
All major commercial RADIUS products known to me (Microsoft IAS/NPS, Cisco Secure ACS/ISE) and FreeRADIUS allows to use these items to filter requests based on requesting NAS friendly name like "If 'NAS Shortname' contains 'Cisco' then assign access profile 'Cisco Devices'". But I see no way to do it in daloRADIUS - the only thing I can do with "NAS Shortname" in DR, as I see - is to fill the field while configuring the NAS.
This way I also cannot import dictionary of custom attributes to FR as a) there is already existing FR internal runtime variable (not RADIUS attribute!) 'Client-Shortname' of the purpose I need and b) there are no RADIUS attributes of interest at all. NAS short- or friendly-name is set on RADIUS server itself for administrative purposes and simplicity and is internal to RADIUS Server (so I even can have it with different values on different RADIUS servers with no problem to functionality).
So the real question was if I anyway can use the value of 'NAS Shortname' field filled manually in time of NAS configuration process to assign NAS with specific profile?
Best regards,
Cyril
Hopefully I got your issue correctly.
--
Sincerely, Liran Tal
Author
http://www.amazon.com/Agile-Software-Development-HP-Manager/dp/1484210352/of
Agile Software Development with HP Agile Manager
Founder and Lead Developer of daloRADIUS http://www.daloradius.com/
Blogging at http://www.enginx.com, and tweeting at @liran_tal
https://twitter.com/liran_tal
On Wed, Mar 8, 2017 at 5:17 PM, Cyril Sluchanko cyrils@users.sf.net wrote:
Hi Liran,
Do You need any additional information to answer my question?
Best regards,
Cyril