0

is it possible to have an OR statement in freeradius check attributes?

I have say 10 VPN servers that authenticate from freeradius. Most users can access all servers but I have a demo user that can only access 2 of those servers.

I can set this up so that the demo can only access 1 of the servers by putting the following in the radcheck table/users file

NAS-IP-Address==xxx.xxx.xxx.1

But I need to have and OR statement in there like:

NAS-IP-Address==xxx.xxx.xxx.1 OR xxx.xxx.xxx.2

Is this possible in freeradius?

user1167223
  • 151
  • 5
  • 15

2 Answers2

1

You can use the =~ operator, and a regex xxx.xxx.xxx.1|xxx.xxx.xxx.2

Reference: http://freeradius.1045715.n5.nabble.com/Logical-OR-with-Check-Attributes-td3265998.html

NickW
  • 10,183
  • 1
  • 18
  • 26
0

It's only on freeradius 2.x can work.

On 3.x can't use.

(1) sql: ERROR: Error parsing value: Failed resolving "=xxx.xxx.xxx.1|=xxx.xxx.xxx.2|=xxx.xxx.xxx.3|=xxx.xxx.xxx.4" to IPv4 address: Name or service not known (1) sql: ERROR: Error parsing user data from database result (1) sql: ERROR: Error getting check attributes

Jackie
  • 1
  • Welcome to Server Fault! Your answer currently does not seem to provide a workable solution to the question and might be more appropriate as a question. Please read [How do I write a good answer?](http://serverfault.com/help/how-to-answer) and [How do I ask a good question?](http://serverfault.com/help/how-to-ask) And don't forget to take the [site tour](http://serverfault.com/tour). – Paul Dec 05 '21 at 15:22