add field in radcheck table

Fajar A. Nugraha list at fajar.net
Tue Nov 1 04:02:22 CET 2011


On Tue, Nov 1, 2011 at 9:07 AM, gary <gary.yang at browan.com> wrote:
>> From the login page,user can type his name and select pull-down option for
>
> the realm and then send to FR server for authentication.
> for example, gary at domain1 and gary at domain2 come from different company and
> both in same database.
> I can directly input gary at domain1 and gary at domain2 as user name for
> authentication.
> but I would like to separate two field for checking.
> user can see(probably read) user infomation(eg:logout page) only user name
> instead of gary at domain1 .

This is a captive portal setup, right? FR doesn't really care what
user puts in "drop down box", it only cares what the NAS (e.g.
chillispot) sends. And the NAS doesn't really care what the user
inputs, it only cares what the captive portal sends it (which may or
may not be the same as what the user inputs).

For example, in my setup the captive portal adds a realm automatically
(user can't put it manually) and pre-process the password that user
entered (e.g. using a custom hash).

In that setup there's really no need to separate user and realm. Just
use the default setup.

> Furthermore, in case lot of data in radcheck, it can be search,sort...etc
> according to the realm field to improve server performance.

I actually think the easiest way is to just add a "realm" field in
radcheck as ENUM type, indexed, used only for search/sorting purposes,
updated automatically by mysql trigger. That way you don't have to
modify anything on FR side.

-- 
Fajar



More information about the Freeradius-Users mailing list