NAP with freeradius

Alan DeKok aland at deployingradius.com
Fri Nov 14 14:46:10 CET 2014


Zulzig wrote:
> Can somebody tell me if it is possible to use a function that allows
> me to add a condition based on the last authorization of the computer?
> For example, if the last authorization is more than X days ago, the
> computer will be put on another VLAN.

  Yes.  BUT that information has to be stored in a database.

  i.e. when a user is authorized, you need to run an SQL query to update
the database.  It can be a simple 2 column table of username and last
authentication time.

  Then when the server receives an Access-Request, run an SQL query to
check that entry.  If it exists and is more than X days in the past, put
them into a different VLAN.

> On the mysql server, the radusergroup of the user is modified.

  You shouldn't do that.  This should be a separate policy.

  Alan DeKok.
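
The check-then-update flow described in the reply above, modelled outside FreeRADIUS as an added example (not code from the original post or from the FreeRADIUS project). The table name `last_auth`, the function names, the 30-day threshold and the VLAN IDs are all assumptions chosen for illustration.

```python
import sqlite3

MAX_AGE_DAYS = 30         # the "X days" threshold (assumed value)
NORMAL_VLAN = "10"        # constructed VLAN IDs
REMEDIATION_VLAN = "99"

def open_db(path=":memory:"):
    """Create the simple 2 column table: username and last authentication time."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS last_auth ("
               "username TEXT PRIMARY KEY, last_seen INTEGER NOT NULL)")
    return db

def vlan_for_request(db, username, now):
    """On Access-Request: the entry must exist AND be older than X days."""
    # Bound parameter: User-Name arrives from the network and is untrusted.
    row = db.execute("SELECT last_seen FROM last_auth WHERE username = ?",
                     (username,)).fetchone()
    if row is not None and now - row[0] > MAX_AGE_DAYS * 86400:
        return REMEDIATION_VLAN
    return NORMAL_VLAN      # no entry yet, or recent enough

def record_authorized(db, username, now):
    """When a user is authorized: update the stored time."""
    db.execute("INSERT OR REPLACE INTO last_auth (username, last_seen) "
               "VALUES (?, ?)", (username, now))
    db.commit()

def handle_access_request(db, username, now):
    # Order matters: check first, then update. Updating first would make
    # every entry look fresh and the age check could never fire.
    vlan = vlan_for_request(db, username, now)
    # Assumption: a login that lands in the remediation VLAN still refreshes
    # the timestamp. Skip this call in that case if policy says otherwise.
    record_authorized(db, username, now)
    return vlan

if __name__ == "__main__":
    db = open_db()
    day = 86400
    t0 = 1_700_000_000      # constructed timestamps
    for when in (t0, t0 + 5 * day, t0 + 40 * day, t0 + 41 * day):
        print(when, handle_access_request(db, "host1.example", when))
```

The VLAN decision is kept separate from group membership, in line with the advice above that this should be its own policy rather than a change to `radusergroup`.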

