Freeradius, Nas-Port-ID as username

Discussion in 'Server Operation' started by Per.H, Apr 25, 2012.

  1. Per.H

    Per.H New Member

    We are using the Cisco ACS 5.3 as a RADIUS for database authentication and authorization. The purpose is to authenticate incoming users based on the NAS-PORT-ID. The problem is that we cannot find any solution for the Service Router (Alcatel 7750) to send the NAS-PORT-ID to act as USERNAME. The username field is set to the MAC address.

    The ACS requires a USERNAME and there is not a way to manipulate the User-Name value once it is received.

    We heard that it could be possible to use the freeradius to act as a proxy for the Cisco secure ACS.

    This is what we want:

    User -> [SR] -> User-Name = “MAC:xx.xx.xx.xx” Password = “secret” NAS-Port-Id = 1/1/4.1001.129 -> [FR] -> User-Name = “1/1/4.1001.129” Password = “secret” -> [ACS 5.3]

    Is there a solution for this option in the Freeradius?

    Is there a way to manipulate the User-Name sent from the service router (the MAC address) and change it to its NAS-Port-Id before it reaches the ACS RADIUS, with help from the freeradius acting as a proxy?
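
One way to do the rewrite asked about above, as an added example (not part of the original thread and not the FreeRADIUS project's own configuration): send the request to a realm and overwrite User-Name in the proxied copy during pre-proxy. The realm, pool and home-server names, the 192.0.2.10 address and the secret are placeholders, and it assumes the router sends the password as PAP (User-Password), as in the flow in the post.

```conf
# --- raddb/proxy.conf (names and address are placeholders) ---
home_server acs {
    type   = auth
    ipaddr = 192.0.2.10            # documentation address, stands in for the ACS
    port   = 1812
    secret = REPLACE_WITH_ACS_SHARED_SECRET
}

home_server_pool acs_pool {
    type        = fail-over
    home_server = acs
}

realm acs {
    auth_pool = acs_pool
    nostrip                        # do not strip anything from User-Name
}

# --- virtual server (e.g. raddb/sites-available/default) ---
# Add to the existing authorize section.
authorize {
    if (NAS-Port-Id) {
        # Hand the request to the ACS realm defined above.
        update control {
            Proxy-To-Realm := "acs"
        }
    }
    else {
        # Fail closed: without a port identifier there is nothing
        # to authenticate against, so do not forward the MAC as-is.
        reject
    }
}

# Runs on the copy that is sent to the home server; the original
# request (User-Name = MAC) stays unchanged for local logging.
pre-proxy {
    update proxy-request {
        User-Name := "%{request:NAS-Port-Id}"
    }
}
# User-Password is decoded with the router's shared secret and
# re-encoded with the home server's secret by the proxy itself,
# so the PAP password passes through unchanged.
```

The service router must also be listed as a client in clients.conf with its own shared secret. With this flow the only thing identifying the subscriber to the ACS is the port string, so the proxy should accept requests from the known router addresses only.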
