add field in radcheck table

gary gary.yang at browan.com
Tue Nov 1 06:42:07 CET 2011 

----- Original Message ----- 
From: "Fajar A. Nugraha" <list at fajar.net>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Tuesday, November 01, 2011 11:02 AM
Subject: Re: add field in radcheck table


> On Tue, Nov 1, 2011 at 9:07 AM, gary <gary.yang at browan.com> wrote:
>>> From the login page,user can type his name and select pull-down option 
>>> for
>>
>> the realm and then send to FR server for authentication.
>> for example, gary at domain1 and gary at domain2 come from different company 
>> and
>> both in same database.
>> I can directly input gary at domain1 and gary at domain2 as user name for
>> authentication.
>> but I would like to separate two field for checking.
>> user can see(probably read) user infomation(eg:logout page) only user 
>> name
>> instead of gary at domain1 .
>
> This is a captive portal setup, right? FR doesn't really care what
> user puts in "drop down box", it only cares what the NAS (e.g.
> chillispot) sends. And the NAS doesn't really care what the user
> inputs, it only cares what the captive portal sends it (which may or
> may not be the same as what the user inputs).
>
Yes, I mean FR server will receive user at domain finally.

> For example, in my setup the captive portal adds a realm automatically
> (user can't put it manually) and pre-process the password that user
> entered (e.g. using a custom hash).
>
> In that setup there's really no need to separate user and realm. Just
> use the default setup.
>
>> Furthermore, in case lot of data in radcheck, it can be search,sort...etc
>> according to the realm field to improve server performance.
>
> I actually think the easiest way is to just add a "realm" field in
> radcheck as ENUM type, indexed, used only for search/sorting purposes,
> updated automatically by mysql trigger. That way you don't have to
> modify anything on FR side.
>
Thanks. that means username field in radcheck will be user at domain  for user 
authentication. I will take this as first priority testing.
I read freeradius how-to it recommand use only user name as authentication. 
read as below:
"If you're stripping all domain name elements from usernames via realms, 
remember NOT to include the domain name elements in the usernames you put in 
the SQL tables - they should get stripped BEFORE the database is checked, so 
name at domain will NEVER match if you're realm stripping (assuming you follow 
point 2 above) - you should just have 'name' as a user in the database. Once 
it's working without, and if you want more complex realm handling, go back 
to work out not stripping (and keeping name at domain in the db) if you really 
want to."
Anyway, it is appreciate if someone can point direction or share documention 
how to add a check column in radcheck table I can study.

> -- 
> Fajar
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list