了解 Radius 请求来自哪个 udp 套接字。使用 FreeRadius
我知道这个问题问得不太好。对不起我的英语。
我想设置一个(一个实例)FreeRadius 服务器来监听多个端口(带有一堆“监听”部分),然后将该 udp 端口作为参数以及用户名和用户密码传递给一个脚本,该脚本我想用来进行身份验证。
基本思想是进行某种域分离。有些防火墙使用 Radius 端口 2000 进行身份验证。例如,其他一些不同的防火墙(具有不同的用户组)使用 Radius 端口 2020。最后,所有请求都落在同一个脚本中,该脚本了解两组用户,并根据给定的额外属性(端口号)使用其中一个或另一个
我知道可以为每个“域”创建一个虚拟服务器。但我不喜欢复制配置文件。我认为为我想要的每个域添加一点“监听”部分会更短。
我尝试以这种方式添加属性:
listen {
ipaddr = *
port = 0
type = auth
update control {
Login-TCP-Port = 1812
}
}
并尝试阅读它:
autorize {
if ("%{User-Name}" == "bob") {
update reply {
Reply-Message = "This is only %{Login-TCP-Port} an example."
}
update control {
Cleartext-Password := "bob"
}
ok
}
[...]
}
但不起作用。
我怎样才能做对呢?
这可能吗?
希望你能帮助我。
I know the question isn't very well. Sorry my english.
I want to setup a (one instance of) FreeRadius server to listen to several ports (with a bunch of 'listen' sections) and then pass the that udp port as a parameter along with User-Name and User-Password to a script that I want to use to make the authentication.
The basic idea is make some kind of domain separation. Some Firewall use radius port 2000 to make authentication. Some other different firewall (with a different set of users) use radius port 2020, for example. At the end, all the request fall in the same script that has the knowledge of both set of users and use one or the other according to the given extra attribute (port number)
I know that is possible making a virtual server per 'domain'. but I prefer not to replicate configuration files. and i think is shorter to add a little 'listen' section for every domain I want.
I tried to add an atribute this way:
listen {
ipaddr = *
port = 0
type = auth
update control {
Login-TCP-Port = 1812
}
}
and tried to read it:
autorize {
if ("%{User-Name}" == "bob") {
update reply {
Reply-Message = "This is only %{Login-TCP-Port} an example."
}
update control {
Cleartext-Password := "bob"
}
ok
}
[...]
}
But don't work.
How can i make it right?
Is this posible?
Hope you can help me.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我自己回答。我发现(在谷歌上进一步查找)
Packet-Dst-Port属性具有我想要的数据。我从这里得到它(现在我找到了它,看起来很明显:P)
I'm answering myself. I found (looking a like further on google) that the
Packet-Dst-Portattribute have the data that I want.I get it from here (now that I found it, look pretty obvious :P)