AW: 802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs

Phil Mayers p.mayers at imperial.ac.uk
Thu Mar 22 18:19:08 CET 2012


On 22/03/12 15:27, PENZ Robert wrote:
> Hi!
>
> Thx for the fast  response!
>
> But how to I execute the SQL authorize_reply_query query after I did
> a EAP authentication? I don't do that currently in post-auth. I just
> have the sql modul activated in authorize.

Like this:

post-auth {
   if (TLS-Client-Cert ~ /.../) {
     update reply {
       Tunnel-Private-Group-Id := "%{sql:query goes here}"
     }
   }
}

You can run any SQL query you like as part of an expansion. The SQL 
query can reference any attributes you like, using standard attribute 
expansion.

See "man unlang".


More information about the Freeradius-Users mailing list