Evaluate Ldap-Group and SSID for WiFi authorization

Alan DeKok aland at deployingradius.com
Fri Sep 1 15:23:15 CEST 2017


On Sep 1, 2017, at 8:58 AM, Adam Cage <adamcage27 at gmail.com> wrote:
> 
> Dear, thank you, LDAP authorization works OK now. Using outer.request was
> the solution!!!

  That's good.

> At the moment I have this scenario:
> 
> AD authentication --> OK
> LDAP group and SSID authorization --> OK
> 
> Is it possible to add an SQL authorization in order to query a remote
> MySQL DB searching for MAC Addresses defined in a whitelist table ???

  Sure.  Just add an SQL query to the configuration:

	if ("%{sql:SELECT ... }") {
		...
	}

  Run the SELECT manually.  Use Calling-Station-ID for the MAC address, or if that attribute has the SSID in it, add "rewrite_called_station_id" in the "authorize" section, before the SQL SELECT.

> If
> the MAC Address is in the table, and the group and SSID are OK with the
> LDAP authorization section, finally the user can access the WiFi network.
> 
> In the affirmative case, do I have to install a new freeradius package?

  You will need to be sure that rlm_sql is installed.

  You may need to install v3.  Honestly, just install 3.0.15, and go with that.

> And
> which extra files do I have to edit ?

  You will need to edit raddb/sites-enabled/default, and also raddb/mods-enabled/sql.

  Alan DeKok.
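
One way to wire the whitelist lookup from the reply above into the "authorize" section of a v3 server, as an added example that is not part of the original message or of the FreeRADIUS distribution. The table name mac_whitelist and its mac column are assumptions; rewrite_calling_station_id is the stock v3 policy from policy.d/canonicalization, and the check is written so that only an explicit match lets the request continue.

```unlang
# raddb/sites-enabled/default (FreeRADIUS v3) -- added example.
#
# Assumed whitelist table (hypothetical name and column), created in the
# database that raddb/mods-enabled/sql connects to:
#
#   CREATE TABLE mac_whitelist (
#       mac VARCHAR(17) NOT NULL PRIMARY KEY
#   );
#
# Store entries in exactly the format rewrite_calling_station_id produces,
# otherwise the lookup never matches.

authorize {
	# ... existing modules ...

	# Normalise the client MAC before it is used in the query, so that
	# differently formatted values from different NASes compare equal.
	rewrite_calling_station_id

	# The sql xlat returns the first column of the first row.  Attribute
	# values expanded inside the query are escaped by rlm_sql according
	# to "safe_characters" in the sql module configuration.
	#
	# With a primary key on mac, COUNT(*) is either 0 or 1.  Only an
	# explicit "1" admits the request; any other result, including an
	# empty expansion, lands in the else branch and is rejected.
	if ("%{sql:SELECT COUNT(*) FROM mac_whitelist WHERE mac = '%{Calling-Station-Id}'}" == "1") {
		noop
	}
	else {
		reject
	}

	# ... LDAP group and SSID checks follow ...
}
```

Running radiusd -X while testing shows the expanded SELECT and the value the condition was compared against.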



