User + Password + AMC address group authentication
Alan DeKok
aland at deployingradius.com
Thu Jul 8 16:26:29 CEST 2010
Aaron Jansen wrote:
> For a user FreeRADIUS should check the user name, password, and the MAC
> address. The MAC address can be one of many in a list stored in a
> database. So, this is not about a single user logging in on only one
> device.
>
> I have taken a look at the rad(group)check table, but it seems that ALL
> attributes should check out alright for the user to be authenticated.
> So, I cannot just simply add a list of all possible user/MAC
> combinations.
The existing tables are for specific purposes. If you need something
else, don't use them.
> How can I best achieve this? Any help would be appreciated.
Create a table just for MAC addresses. Then, do:
authorize {
...
if ("%{sql:SELECT mac FROM mac_table WHERE...}") {
# mac is known
}
else {
# mac is unknown
}
...
}
Run the SQL select by hand until you get it working, and then add it
to the configuration file.
More information about the Freeradius-Users
mailing list