Knowing from which udp socket the Radius request came. Using FreeRadius

376 views Asked by At

I know the question isn't very well. Sorry my english.

I want to setup a (one instance of) FreeRadius server to listen to several ports (with a bunch of 'listen' sections) and then pass the that udp port as a parameter along with User-Name and User-Password to a script that I want to use to make the authentication.

The basic idea is make some kind of domain separation. Some Firewall use radius port 2000 to make authentication. Some other different firewall (with a different set of users) use radius port 2020, for example. At the end, all the request fall in the same script that has the knowledge of both set of users and use one or the other according to the given extra attribute (port number)

I know that is possible making a virtual server per 'domain'. but I prefer not to replicate configuration files. and i think is shorter to add a little 'listen' section for every domain I want.

I tried to add an atribute this way:

listen {
        ipaddr = *
        port = 0
        type = auth
        update control {         
            Login-TCP-Port = 1812
        }
    }

and tried to read it:

autorize {
    if ("%{User-Name}" == "bob") {
        update reply {
            Reply-Message = "This is only %{Login-TCP-Port} an example."
        }
        update control {
            Cleartext-Password := "bob"
        }
        ok
    }
[...]
}

But don't work.

How can i make it right?

Is this posible?

Hope you can help me.

1

There are 1 answers

0
Emiliano On

I'm answering myself. I found (looking a like further on google) that the Packet-Dst-Port attribute have the data that I want.

I get it from here (now that I found it, look pretty obvious :P)