add field in radcheck table
gary.yang at browan.com
Tue Nov 1 06:42:07 CET 2011
----- Original Message -----
From: "Fajar A. Nugraha" <list at fajar.net>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Tuesday, November 01, 2011 11:02 AM
Subject: Re: add field in radcheck table
> On Tue, Nov 1, 2011 at 9:07 AM, gary <gary.yang at browan.com> wrote:
>>> From the login page,user can type his name and select pull-down option
>> the realm and then send to FR server for authentication.
>> for example, gary at domain1 and gary at domain2 come from different company
>> both in same database.
>> I can directly input gary at domain1 and gary at domain2 as user name for
>> but I would like to separate two field for checking.
>> user can see(probably read) user infomation(eg:logout page) only user
>> instead of gary at domain1 .
> This is a captive portal setup, right? FR doesn't really care what
> user puts in "drop down box", it only cares what the NAS (e.g.
> chillispot) sends. And the NAS doesn't really care what the user
> inputs, it only cares what the captive portal sends it (which may or
> may not be the same as what the user inputs).
Yes, I mean FR server will receive user at domain finally.
> For example, in my setup the captive portal adds a realm automatically
> (user can't put it manually) and pre-process the password that user
> entered (e.g. using a custom hash).
> In that setup there's really no need to separate user and realm. Just
> use the default setup.
>> Furthermore, in case lot of data in radcheck, it can be search,sort...etc
>> according to the realm field to improve server performance.
> I actually think the easiest way is to just add a "realm" field in
> radcheck as ENUM type, indexed, used only for search/sorting purposes,
> updated automatically by mysql trigger. That way you don't have to
> modify anything on FR side.
Thanks. that means username field in radcheck will be user at domain for user
authentication. I will take this as first priority testing.
I read freeradius how-to it recommand use only user name as authentication.
read as below:
"If you're stripping all domain name elements from usernames via realms,
remember NOT to include the domain name elements in the usernames you put in
the SQL tables - they should get stripped BEFORE the database is checked, so
name at domain will NEVER match if you're realm stripping (assuming you follow
point 2 above) - you should just have 'name' as a user in the database. Once
it's working without, and if you want more complex realm handling, go back
to work out not stripping (and keeping name at domain in the db) if you really
Anyway, it is appreciate if someone can point direction or share documention
how to add a check column in radcheck table I can study.
> List info/subscribe/unsubscribe? See
More information about the Freeradius-Users