Currently, when I set RADIUS user authentication, VyOS is sending a RADIUS query with a NAS-Identifier attribute of “sshd”. Complex RADIUS environments use NAS-Identifier to apply different policies for a user and a fixed, generic “sshd” is an issue. Is there a way to set NAS-Identifier of a VyOS instance?
Hi,
the NAS ide tifoer currently can‘t be specified. login-radius: T2478: Use source-address as NAS-IP-Address if defined · vyos/libpam-radius-auth@488621e · GitHub
You might wan‘t to filter on the NAS IP address?
Thank you for your quick response. Obviously there are different ways to handle this on the RADIUS server side, but some RADIUS servers (such as freeradius), user configs are not as simplistic as “filter on…”. If the server receives a query with a specific attribute set, it will progressively propagate it through the auth chains, making various assumptions. If VyOS pertains to move away from being considered a “debian server” into being considered an appliance OS, it should really be able to have its NAS-Identifier attribute customizable. I’ll try to follow up with a feature request. Thank you again for the response and a great project.