# There are different detail-rotating strategies you can use. One is
# to write to a single detail file per IP and use the rotate config
# below. Another is to write to a daily detail file per IP with:
-# detailfile = ${radacctdir}/%{Packet-Src-IP-Address}/%Y%m%d-detail
+# detailfile = ${radacctdir}/%{Net.Src.IP}/%Y%m%d-detail
# (or similar) in radiusd.conf, without rotation. If you go with the
# second technique, you will need another cron job that removes old
# detail files. You do not need to comment out the below for method #2.
. The `NAS-IP-Address` has been provided. If not then you may need to
reconfigure your NAS to provide this or instantiate this attribute from
-`Packet-Src-IP-Address` using an unlang policy in FreeRADIUS. Otherwise when
+`Net.Src.IP` using an unlang policy in FreeRADIUS. Otherwise when
the NAS reboots you will not be able to match the affected IP addresses to the
device.
[source,unlang]
----
-load-balance "%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}" {
+load-balance "%{Net.Src.IP}" {
home_server_1
home_server_2
home_server_3
[source,unlang]
----
-load-balance "%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}-%{Packet-Src-Port}" {
+load-balance "%%{Net.Src.IP}-%{Net.Src.Port}" {
home_server_1
home_server_2
home_server_3
```
detail {
- filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y-%m-%d
+ filename = ${radacctdir}/%{Net.Src.IP}/detail-%Y-%m-%d
# filename = ${radacctdir}/detail
escape_filenames = no
permissions = 0600
```
detail auth_log {
- filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y-%m-%d
+ filename = ${radacctdir}/%{Net.Src.IP-Address}/auth-detail-%Y-%m-%d
permissions = 0600
suppress {
User-Password
}
}
detail reply_log {
- filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y-%m-%d
+ filename = ${radacctdir}/%{Net.Src.IP}/reply-detail-%Y-%m-%d
permissions = 0600
}
detail pre_proxy_log {
- filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y-%m-%d
+ filename = ${radacctdir}/%{Net.Src.IP}/pre-proxy-detail-%Y-%m-%d
permissions = 0600
# suppress {
# User-Password
# }
}
detail post_proxy_log {
- filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y-%m-%d
+ filename = ${radacctdir}/%{Net.Src.IP}/post-proxy-detail-%Y-%m-%d
permissions = 0600
}
```
Start = "Connect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address})"
Stop = "Disconnect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address}) %{Acct-Session-Time} seconds"
Interim-Update = ""
- Accounting-On = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just came online"
- Accounting-Off = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just went offline"
- unknown = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) sent unknown Acct-Status-Type %{Acct-Status-Type}"
+ Accounting-On = "NAS %%{Net.Src.IP} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just came online"
+ Accounting-Off = "NAS %{Net.Src.IP} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just went offline"
+ unknown = "NAS %{Net.Src.IP} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) sent unknown Acct-Status-Type %{Acct-Status-Type}"
}
}
```
owner = &Client-Hardware-Address
# owner = "%{%{Client-Identifier}:-%{Client-Hardware-Address}}"
# owner = "%{Vendor-Specific.ADSL-Forum.Agent-Circuit-ID} %{Calling-Station-Id}"
- requested_address = "%{%{Requested-IP-Address}:-%{Packet-Src-IP-Address}}"
+ requested_address = "%{%{Requested-IP-Address}:-%{Net.Src.IP}}"
# ipv4_integer = yes
allocated_address_attr = &reply.Your-IP-Address
range_attr = &reply.IP-Pool.Range
}
new client {
&control += {
- &FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
+ &FreeRADIUS-Client-IP-Address = "%{Net.Src.IP}"
&FreeRADIUS-Client-Require-MA = no
&FreeRADIUS-Client-Secret = "testing123"
- &FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"
+ &FreeRADIUS-Client-Shortname = "%{Net.Src.IP}"
&FreeRADIUS-Client-NAS-Type = "other"
}
ok
The following command-line options are accepted by the program.
-*-d config_directory*::
+*-d config_directory*::
Defaults to _/etc/raddb_. *radmin* looks here for the server
configuration files to find the "listen" section that defines the
control socket filename.
+
Only one debug condition can be active at a time.
-*debug condition '((User-Name == ""bob"") || (Packet-Src-IP-Address == 192.0.2.22))'*::
+*debug condition '((User-Name == ""bob"") || (Net.Src.IP == 192.0.2.22))'*::
A more complex condition that enables debugging output for requests
containing User-Name "bob", or requests that originate from source IP
address 192.0.2.22.
following value:
----------------------------------------------------------------
-filename = ${radacctdir}/%{Packet-Src-IP-Address}/detail-%Y%m%d
+filename = ${radacctdir}/%{Net.Src.IP}/detail-%Y%m%d
----------------------------------------------------------------
The configuration entry is composed of two kinds of variable expansion.
option is equivalent to using:
.br
.in +0.3i
--c '(Packet-Src-IP-Address == ipv4-address)'
+-c '(Net.Src.IP == ipv4-address)'
.in -0.3i
.IP "\-d \fIconfig directory\fP"
The radius configuration directory, usually /etc/raddb. See the
option is equivalent to using:
.br
.in +0.3i
--c '(Packet-Src-IPv6-Address == ipv6-address)'
+-c '(Net.Src.IPv6 == ipv6-address)'
.in -0.3i
.IP \-t\ \fItimeout\fP
Stop printing debug output after "timeout" seconds. The default
# There are different detail-rotating strategies you can use. One is
# to write to a single detail file per IP and use the rotate config
# below. Another is to write to a daily detail file per IP with:
-# detailfile = ${radacctdir}/%{Packet-Src-IP-Address}/%Y%m%d-detail
+# detailfile = ${radacctdir}/%{Net.Src.IP}/%Y%m%d-detail
# (or similar) in radiusd.conf, without rotation. If you go with the
# second technique, you will need another cron job that removes old
# detail files. You do not need to comment out the below for method #2.
# There are different detail-rotating strategies you can use. One is
# to write to a single detail file per IP and use the rotate config
# below. Another is to write to a daily detail file per IP with:
-# detailfile = ${radacctdir}/%{Packet-Src-IP-Address}/%Y%m%d-detail
+# detailfile = ${radacctdir}/%{Net.Src.IP}/%Y%m%d-detail
# (or similar) in radiusd.conf, without rotation. If you go with the
# second technique, you will need another cron job that removes old
# detail files. You do not need to comment out the below for method #2.
;;
D) extra="$extra -D $OPTARG"
;;
- i) x="(Packet-Src-IP-Address == $OPTARG)"
+ i) x="(Net.Src.IP == $OPTARG)"
if [ "$condition" = "" ]; then
condition="$x"
else
condition="$condition && $x"
fi
;;
- I) x="(Packet-Src-IPv6-Address == $OPTARG)"
+ I) x="(Net.Src.IP == $OPTARG)"
if [ "$condition" = "" ]; then
condition="$x"
else
ATTRIBUTE Acct-Session-Start-Time 1019 date
ATTRIBUTE Acct-Unique-Session-Id 1020 string
-# 1021 was Client-IP-Address. Just use Packet-Src-IP-Address
+# 1021 was Client-IP-Address. Just use Net.Src.IP
ATTRIBUTE LDAP-UserDN 1022 string
ATTRIBUTE SQL-User-Name 1023 string
projects / thirdparty / freeradius-server.git / commitdiff
