How to setup Framed IP using AD with msRADIUSFramedIPAddress attribute

This document is written for PhenixID Server.

The reader should have some basic knowledge about PhenixID Server.

We will make changes to the configuration. Please make sure to have a recent backup of phenix-store.json.

Description

We support all major user stores, but this article focuses on Microsoft Active Directory and assumes that you have already configured a static IP in Active Directory.

This document describes how to collect msRADIUSFramedIPAddress from AD and convert it to a format that we can return in RADIUS response attribute 8 Framed IP.

This is most commonly used when assigning static IPs to RADIUS clients.

Configuration

This example shows a RADIUS username and password scenario, but it works with all scenarios. Go to your scenario, open the "Execution Flow" and change the LDAPSearchValve to collect msRADIUSFramedIPAddress:

{
        "name": "LDAPSearchValve",
        "config": { 
              "connection_ref":"<Your connection ref>",
              "base_dn":"dc=example,dc=com",
              "scope":"SUB",
              "size_limit":"0",
              "filter":"sAMAccountName={{request.User-name}}",
              "attributes":"msRADIUSFramedIPAddress" 
        }
}

msRADIUSFramedIPAddress is stored as an integer in AD, so next we need to convert the integer to a string that represents the IP address. This can be done with the ScriptEvalValve. Add a ScriptEvalValve with the following configuration:


	{
		"name": "ScriptEvalValve",
		"enabled": "true",
		"config": {
			"mime_type": "application/javascript",
			"script": "var IP=parseInt(flow.items().get(0).getPropertyValue('msRADIUSFramedIPAddress'));var part1=IP&255;var part2=((IP>>8)&255);var part3=((IP>>16)&255);var part4=((IP>>24)&255);var realIP=part4+'.'+part3+'.'+part2+'.'+part1;flow.items().get(0).addProperty('myip',realIP);"
		}
	},

This is the formatted script if you are interested:

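 // Read the integer stored in AD for the user found by the LDAPSearchValve
 var IP = parseInt(flow.items().get(0).getPropertyValue('msRADIUSFramedIPAddress'));
 // Split the 32-bit value into four octets, lowest byte first
 var part1 = IP & 255;
 var part2 = ((IP >> 8) & 255);
 var part3 = ((IP >> 16) & 255);
 var part4 = ((IP >> 24) & 255);
 // Join the octets in dotted-quad order, highest byte first
 var realIP = part4 + "." + part3 + "." + part2 + "." + part1;
 // Store the result on the item as the property 'myip'
 flow.items().get(0).addProperty('myip', realIP);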

This will create a property called myip with a string representing the IP. Next we need to return this as attribute 8. Go to the Advanced tab on your scenario and add the following:

Now we are done.
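
The integer-to-address conversion done in the ScriptEvalValve above, as an added stand-alone example (not PhenixID code) that also validates its input. Active Directory stores msRADIUSFramedIPAddress as a signed 32-bit integer, so addresses from 128.0.0.0 upward appear as negative numbers, and a value that parseInt cannot parse comes out of the bit masks as 0.0.0.0. The function names are hypothetical, the sample values are constructed, and it uses plain JavaScript with no PhenixID APIs.

```javascript
// Added example, not PhenixID code. Function names are hypothetical.

// Convert the AD value (signed 32-bit integer, usually read as a string)
// to dotted-quad notation. Returns null when the value is missing or is
// not a 32-bit integer, so the caller can refuse to send attribute 8
// instead of handing out "0.0.0.0".
function framedIpFromAdInteger(raw) {
  if (raw === null || raw === undefined) return null;
  var text = String(raw).trim();
  if (!/^-?\d+$/.test(text)) return null;
  var n = Number(text);
  if (n < -2147483648 || n > 4294967295) return null;
  var u = n >>> 0; // fold the signed value into 0..4294967295
  return [(u >>> 24) & 255, (u >>> 16) & 255, (u >>> 8) & 255, u & 255].join('.');
}

// Reverse direction: dotted-quad to the signed integer AD stores.
// Useful for checking what a given address should look like in the directory.
function adIntegerFromFramedIp(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(String(ip));
  if (!m) return null;
  var u = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = Number(m[i]);
    if (octet > 255) return null;
    u = u * 256 + octet;
  }
  return u | 0; // wrap to signed 32-bit
}

// Constructed sample values: low address, high (negative) address, bad input
['167772165', '-1062731510', '', 'abc'].forEach(function (v) {
  console.log(JSON.stringify(v) + ' -> ' + framedIpFromAdInteger(v));
});
```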