disable available EAP types for certain caller-id?

disable available EAP types for certain caller-id?

Kacper Wirski
Hello,

I'd like to limit EAP types available depending on called-station-id (ip
addresses only for EAP-TLS.

Would something like this - in general - in my "default" site work?

Maybe there is a better way to achieve the same thing? Overall I want to
use other EAP-types, so I can't just comment them out in eap module, but
I'd like to filter them for specific connections.

I'm using the latest stable FreeRADIUS (3.0.21).

authorize {
    ...
    if (&Called-Station-Id == "<my-public-ip>" && &EAP-Type != EAP-TLS) {
        reject
    }
    eap {
        ok = return
    }
    .....
}


Regards,

Kacper





-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: disable available EAP types for certain caller-id?

Alan DeKok-2
On Jan 7, 2021, at 8:24 AM, Kacper Wirski <[hidden email]> wrote:
> I'd like to limit EAP types available depending on called-station-id (ip addresses only for EAP-TLS.
>
> Would something like this - in general - in my "default" site work?
>
> Maybe there is a better way to achieve the same thing? Overall I want to use other EAP-types, so I can't just comment them out in eap module, but I'd like to filter them for specific connections.

  If you need to filter EAP types for certain connections, then "unlang" if / then / else rules are the best way.

> I'm using latest stable Freeradius (3.0.21)
>
> authorize {
> ...
>     if (&Called-Station-Id == "<my-public-ip>" &&   &EAP-Type != EAP-TLS) {
>             reject

  That should work.

  Alan DeKok.



Re: disable available EAP types for certain caller-id?

Kacper Wirski
Thank you for the quick response,

Regards,

Kacper

On 07.01.2021 at 15:28, Alan DeKok wrote:

> On Jan 7, 2021, at 8:24 AM, Kacper Wirski <[hidden email]> wrote:
>> I'd like to limit EAP types available depending on called-station-id (ip addresses only for EAP-TLS.
>>
>> Would something like this - in general - in my "default" site work?
>>
>> Maybe there is a better way to achieve the same thing? Overall I want to use other EAP-types, so I can't just comment them out in eap module, but I'd like to filter them for specific connections.
>    If you need to filter EAP types for certain connections, then "unlang" if / then / else rules is the best way.
>
>> I'm using latest stable Freeradius (3.0.21)
>>
>> authorize {
>> ...
>>      if (&Called-Station-Id == "<my-public-ip>" &&   &EAP-Type != EAP-TLS) {
>>              reject
>    That should work.
>
>    Alan DeKok.