Freeradius Restrict User Auth Request Based on VLAN
JAHANZAIB SYED
aacable at hotmail.com
Thu Jan 18 04:54:58 CET 2018
- For some reason we are still on the 2.x series. Will add an unlang query once we upgrade to 3.x.
- By module I mean that for VLAN checking I have added an SQL query in the authorize section. I wanted to make a module like 'checkvlan_module' in the ./modules folder & then call it from the sites-enabled/default file, & based on the result returned by 'checkvlan_module' I can take action.
One Example:
#totalbytecounter{
#reject = 1
#}
#if(reject){
#ok
#update reply {
#Reply-Message := "Quota Limit Exceed!"
#}
________________________________
From: Freeradius-Users <freeradius-users-bounces+aacable=hotmail.com at lists.freeradius.org> on behalf of Nathan Ward <lists+freeradius at daork.net>
Sent: Thursday, January 18, 2018 4:48 AM
To: FreeRadius users mailing list
Subject: Re: Freeradius Restrict User Auth Request Based on VLAN
> On 18/01/2018, at 12:47 AM, JAHANZAIB SYED <aacable at hotmail.com> wrote:
>
> Respected Nathan Ward,
>
>
> I just tested the following & it worked OK:
Awesome!
> if ("%{sql: select vlanid from users where username = '%{User-Name}'}" != "%{NAS-Port-Id}") {
>     update reply {
>         Reply-Message = 'You are not allowed to connect from this VLAN'
>     }
>     update control {
>         Auth-Type := "Reject"
>     }
> }
>
> Any suggestions to improve this? Is this approach OK?
Looks OK to me.
> Can I make a module for it, and based on the return result, take action? In checkval/expiration modules?
What do you mean “make a module for it” - you can make modules for anything you want.
Don’t use checkval: http://networkradius.com/doc/3.0.10/upgrading/deleted-modules.html
What do you want the expiration module to do here exactly?
--
Nathan Ward
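
Added example, not part of the original messages: one way to package the VLAN check discussed above as a named policy that is called like a module from the authorize section. It assumes FreeRADIUS 2.x with policy.conf loaded and an sql module instance named "sql"; the policy name check_vlan and the use of Tmp-String-0 are hypothetical choices, while the users table and vlanid column are the ones from the quoted query.

```unlang
# policy.conf (FreeRADIUS 2.x). Added example, not code from the thread.
# "check_vlan" is a hypothetical name; call it from sites-enabled/default:
#
#   authorize {
#       ...
#       check_vlan
#   }
policy {
    check_vlan {
        # Run the lookup once and keep the result for the tests below.
        # Assumption: the sql module escapes %{User-Name} in this xlat
        # according to safe-characters in sql.conf.
        update control {
            Tmp-String-0 := "%{sql:SELECT vlanid FROM users WHERE username = '%{User-Name}'}"
        }

        # Request carries no NAS-Port-Id: refuse, so that an empty lookup
        # result and an empty attribute never compare as equal.
        if (!NAS-Port-Id) {
            update reply {
                Reply-Message := "You are not allowed to connect from this VLAN"
            }
            reject
        }
        # No row for this user: the xlat expands to an empty string.
        elsif ("%{control:Tmp-String-0}" == "") {
            update reply {
                Reply-Message := "You are not allowed to connect from this VLAN"
            }
            reject
        }
        # VLAN on record differs from the one the request arrived on.
        elsif ("%{control:Tmp-String-0}" != "%{NAS-Port-Id}") {
            update reply {
                Reply-Message := "You are not allowed to connect from this VLAN"
            }
            reject
        }
    }
}
```

The reject keyword sets the policy's return code, so the caller can act on the result without setting Auth-Type by hand.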