FreeRADIUS Authentication/Authorization
Luiz Fernando Mizael Meier
lfmmeier at gmail.com
Wed Nov 9 13:17:06 CET 2016
Hello!
We have an enviroment with FreeRADIUS working perfectly. Today, we
authenticate users against an Active Directory with domain credentials.
Then, in Microsoft NPS, we filter the groups of the user to match the
requirements to connect to the WiFi. They must:
1) Have an AD user account joined to an specific group;
2) Have its device's mac address added to a specific list in a MySQL
database.
This way we can control how many devices each user can connect to our WiFi
(whis is important in our company).
The thing is: we have a situation where an user will be able to connect to
wifi without having an AD credential. In this case I wonder if it possible
to ask for the credential only if the machine is not one of these special
machines.
The logic would be:
if (machine is one of the special) {
check in the database for the mac and authorize without ad credentials
}
else {
ask for credentials and go on via the normal way
}
I tried to change this logic in the sites-available/default, but it keeps
asking password no matter the order of the validations.
Any help would be appreciate. :)
Regards,
Luiz Fernando
More information about the Freeradius-Users
mailing list