Rlm_sql in freeradius-1.1.7

Dashamir Hoxha dhoxha at albaniaonline.net
Fri Jan 18 09:13:35 CET 2008


Orion wrote:
> +----+----------+--------------------+----+--------------+
> | id | username | attribute          | op | value        |
> +----+----------+--------------------+----+--------------+
> |  1 | orioni   | Called-Station-Id  | == | 001bd136e285 |
> |  2 | orioni   | Cleartext-Password | := | test         |
> |  3 | orioni   | Simultaneous-Use   | := | 2            |
> +----+----------+--------------------+----+--------------+
>
> .
>
> you can put to record for 'Called-Station-Id'
> with the MAC addresses of the Access Points from
> which the client is allowed to log in.

Thank you, Orion. Your suggestion is useful; it works.
I had made up my mind that the best way is to do it with
groups and I was not looking at the simple solutions.

However, the solution that you suggest has a restriction.
It can be used for only 1 NAS (a user can authenticate
himself at only one access point). However, I would like the
user to be able to access the internet through several
access points.

This can be done if we use the attribute Called-Station-Id
(or NAS-Identifier) with the operator '=~' and a value like
this: (00-1b-d1-36-e2-85|11-1b-d1-36-e2-86|22-1b-d1-36-e2-87)
This is a regular expression that will match the attribute
if its value is one of those listed.

This solution still has a restriction. Since the value of
an attribute is varchar(253), it cannot contain more than 14
MACs listed. So, a user cannot use more than 14 access points
for connecting to the internet. For the time being this is
acceptable for me, however I am still looking for other
solutions. I am also planning to try freeradius 2.

Regards,
Dashamir
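
Added example (not part of the original message and not FreeRADIUS code): a Python helper that builds the '=~' value described above for Called-Station-Id and refuses a list that would not fit in varchar(253). The function names and the generated sample MACs are constructed for illustration, and Python's re module stands in for the server's regex matching as an assumption.

```python
import re

MAX_VALUE_LEN = 253  # varchar(253) limit on the value column, as stated in the message


def normalize_mac(mac):
    """Return the MAC as lower-case, dash-separated octets (the form used in the message).

    The stored form must match what the NAS actually sends in Called-Station-Id.
    """
    digits = re.sub(r"[-:.]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        # Rejecting anything else also keeps regex metacharacters out of the value.
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_check_value(macs):
    """Build the '(mac|mac|...)' alternation for a Called-Station-Id '=~' check item."""
    unique = sorted({normalize_mac(m) for m in macs})
    if not unique:
        raise ValueError("at least one MAC is required")
    value = "(" + "|".join(unique) + ")"
    if len(value) > MAX_VALUE_LEN:
        raise ValueError(
            f"{len(unique)} MACs need {len(value)} characters; "
            f"the column holds {MAX_VALUE_LEN}"
        )
    return value


def is_allowed(value, called_station_id):
    """Approximate the '=~' comparison: an unanchored regex search."""
    return re.search(value, called_station_id) is not None


def sample_macs(count):
    """Constructed sample data: 'count' distinct locally administered MACs."""
    return [f"02-00-00-00-00-{i:02x}" for i in range(count)]


if __name__ == "__main__":
    value = build_check_value(
        ["00-1B-D1-36-E2-85", "11:1b:d1:36:e2:86", "221bd136e287"]
    )
    print(value, is_allowed(value, "11-1b-d1-36-e2-86"))
    # Each MAC is 17 characters, plus separators and parentheses.
    print(len(build_check_value(sample_macs(14))))
```
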





