search

opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License
3.27k stars 727 forks source link

Ability to set "NAS-IP-Address" for Radius Access Server #5699

Closed cmitasch closed 1 year ago

cmitasch commented 2 years ago

For the purpose of connecting OPNsense authentication to a privacyIDEA connected Freeradius server, I'm missing the ability to set the Radius request attribute "NAS-IP-Address" when adding a radius server in "System: Access: Servers". This would allow to use custom policies based on client IP addresses in privacIDEA.

NAS-IP-Address is defined here: https://datatracker.ietf.org/doc/html/rfc2865#section-5.4

This feature seems to exist at pfSense. https://docs.netgate.com/pfsense/en/latest/usermanager/radius.html

Thank you, Christoph

OPNsense-bot commented 2 years ago

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

cmitasch commented 2 years ago

Hello,

I'm not sure if the move to plugins was correct since the issues is not related to the os-freeradius Plugin.

Steps to reproduce: 1 ) /system_authservers.php?act=new 2) select "Radius" at "Type" 3) Option for "NAS-IP-Address" is missing there

Thank you, Christoph

OPNsense-bot commented 1 year ago

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

doktornotor commented 9 months ago

Need this one as well... Please reopen, I'll get to it eventually.

AdSchellevis commented 9 months ago

@doktornotor we can reopen when there's movement or open a new ticket by then, it's more or less the same as https://github.com/opnsense/core/issues/7036 if I'm not mistaken (in which case there already is an open ticket).

doktornotor commented 9 months ago

Ok, thanks, did not find that one - NAS-IP-Address, and Calling-Station-Id are not the same attributes.

Will subscribe there, though I do not need all the remaining options requested.