SQL replacement for users file

HCC Lists hcc.lists at gmail.com
Mon Mar 2 23:47:40 CET 2015


I know that I can use SQL to replace most of what can be done in the 
users file. What I want to do is roughly:

test        Huntgroup-Name != "WAP", Cleartext-Password := "test", Auth-Type := Reject
                Reply-Message = "Your account is limited to WiFi."

test       Cleartext-Password := "test", Huntgroup-Name == "WAP"
                Reply-Message = "WiFi enabled."

I have added SQL Huntgroup support by adding the following to 
sites-enabled/default right after preprocess.

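        # Look up the huntgroup for the client that sent the request
        update request {
                Huntgroup-Name := "%{sql:SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{Client-IP-Address}'}"
        }
        # No matching row: remove the empty attribute from the request
        if (Huntgroup-Name == "") {
                update request {
                        Huntgroup-Name !* ANY
                }
        }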

The idea is to limit some accounts to WiFi only using WPA2-Enterprise. I 
don't want those accounts to be able to connect to the VPN. I am less 
worried about the VPN accounts connecting to the WiFi.

What I cannot figure out is what combination of entries in the radcheck, 
radgroupcheck, radgroupreply, and radreply will do this.

I have in radcheck:

Username | Attribute           | op | Value
test     | Cleartext-Password  | := | test

In radgroupcheck

GroupName | Attribute      | op | Value
WAP       | Huntgroup-Name | == | WAP

In radgroupreply

GroupName | Attribute     | op | Value
WAP       | Reply-Message | =  | WiFi enabled.

I have nothing specific in radcheck. I have tried more combinations than 
I can remember with no success.

I am hoping I can do this in SQL, but I suppose I can figure out how to 
do it using unlang.

