Freeraius vs NPS

Martin, Jeremy jmartin at emcc.edu
Mon May 8 16:08:42 CEST 2017


For the sake of completeness and my own sanity if I have to tackle this issue again in the future the following was the solution to my problem:

authorize {

        if ("%{sql:SELECT COUNT(username) FROM radreject WHERE UPPER(username) = UPPER('%{User-Name}')}" > 0) {
           reject
        }

...
}

Where radreject is a mysql table that contains two columns, and id and username.

Again thanks to everyone that helped point me in the right direction.

Jeremy



-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+jmartin=emcc.edu at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Friday, May 5, 2017 1:24 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Freeraius vs NPS

On May 5, 2017, at 12:51 PM, Martin, Jeremy <jmartin at emcc.edu> wrote:
> Thank you for you help, I think I am starting to get a handle on this problem.
> 
> I added a check in the sites-enabled default file that did the trick and isolated it to one set and sure enough it kicked back and asked me for some credentials:

  That's good.

> Now for my last question (hopefully) before I go off and dig into the docs and examples, is there a table already setup that would make this check against a mysql table so I can easily write an interface so I don't have to train my techs to edit this file when setting up a new phone?  Or if you have another reasonable way of don't it that I can write against using some web interface I would certainly entertain that option as well.  I am certainly not against reading the docs but if there are any head starts they would appreciated.

  Since this isn't a common problem, there are no pre-packaged solutions

  This is where it's really "roll your own".  You can out the phone MAC addresses into an SQL table, and then write "unlang" rules to look up the MAC in the SQL table.

  i.e. write down what you need to track, and what you need the server to do, and then implement those policies in "unlang".

> In any event I am certainly glad to know what is going to at least, so thanks for the help thus far.

  It's what I do...

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list