search

privacyidea / FreeRADIUS

Add two factor authentication to FreeRADIUS via privacyIDEA
GNU General Public License v2.0
19 stars 17 forks source link

Use Packet-Src-IP-Address as fallback #45

Closed cornelinux closed 4 years ago

cornelinux commented 4 years ago

The plugin can send the client IP to privacyIDEA use this IP in policies and audit log. It only uses the NAS-IP-Address. This way we can also use the real IP address of the RADIUS client.

Closes #44

cornelinux commented 4 years ago

@laclaro If you have no NAS-IP-Address and no Packet-Src-IP-Address, then you will have the localhost.

Note: The Packet-Src-IP-Address is not directly available in the perl module. It is only available in unlang. This is why you have to add it to the request, since the rlm_perl can only access values from request. 

update request {
        # Add the Packet Src IP to the request as client fallback
        Packet-Src-IP-Address = "%{Packet-Src-IP-Address}"
    }

Use debug = True to check all attributes in request.

laclaro commented 4 years ago

With this change in the privacyidea freeradius site. The overriding of the client ip works as expected. Great!