How to deal with device self-registration best?
Nilsson, Cristian (Göteborg)
Cristian.Nilsson at eltelnetworks.se
Mon Feb 3 14:18:52 CET 2020
Hello,
Thank you for the reply!
I am however not really sure I completely understand how to bind this new table to also take into consideration accounting.
I have created a new table inside "radius" db:
MariaDB [radius]> describe macauth;
+------------+-----------------+------+-----+-------------------+-----------------------------+
| Field      | Type            | Null | Key | Default           | Extra                       |
+------------+-----------------+------+-----+-------------------+-----------------------------+
| id         | int(6) unsigned | NO   | PRI | NULL              | auto_increment              |
| macaddress | varchar(17)     | NO   |     | NULL              |                             |
| usergroup  | varchar(64)     | NO   |     | NULL              |                             |
| reg_date   | timestamp       | NO   |     | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
+------------+-----------------+------+-----+-------------------+-----------------------------+
4 rows in set (0.00 sec)
I have edited _sites-enabled/default_ "authorize {" section and added:
if ("%{sql:SELECT COUNT(macaddress) FROM macauth WHERE macaddress = '%{User-Name}'}" != 0) {
    update control {
        Auth-Type := "Accept"
    }
}
else {
    %{sql:INSERT INTO macauth VALUES (0, '%{User-Name}', '5min', NULL)}
}
Now this does work, the user is allowed and I see an entry made in table macauth for each new device.
I am not sure if this is a good or a bad way to accept users though...
And I am now quite clueless as to how to bind this into accounting also... I need to give users some attributes to handle session timers etc. (they would in this case need to match group "5min").
If you could so kindly give me a direction here also I would much appreciate it!
Br,
Cristian
-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+cristian.nilsson=eltelnetworks.se at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: den 29 januari 2020 15:15
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: How to deal with device self-registration best?
On Jan 29, 2020, at 2:26 AM, Nilsson, Cristian (Göteborg) <Cristian.Nilsson at eltelnetworks.se> wrote:
> While your way definitely seems like the best way I don't think we have that option with extreme wing controllers.
That makes it harder.
> Where would I start looking to modify the access-accept/reject function of freeradius?
>
> My idea is to do the normal check and if failed just insert into the database.
Since this is a specialized use-case, I would suggest creating a specialized table in SQL. There's no need to use the default schema, which is complicated.
Just create a table of known MACs, and then run SQL queries from unlang:
authorize {
    ...
    # Empty result: the MAC is not in the table yet
    if ("%{sql:SELECT mac FROM table WHERE mac = '%{User-Name}'}" == "") {
        #
        # Just run an SQL INSERT with some magic unlang so that it runs
        #
        update control {
            Tmp-String-0 := "%{sql:INSERT INTO table (mac) VALUES ('%{User-Name}')}"
        }
    }
    ...
}
You will need to create the table, set the correct permissions, and fix the queries for your SQL server. But that's the basic idea.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
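
The lookup-or-register flow from this thread with two guards added, as an example that is not from either poster or the FreeRADIUS project: User-Name must look like a MAC address before it can create a row, and it is lower-cased so one device maps to one row. It assumes FreeRADIUS 3.x unlang, the `macauth` table shown above, and that group `5min` means a 300 second Session-Timeout (a hypothetical mapping).

```unlang
authorize {
    # Assumption: the NAS sends the client MAC as User-Name, as in the thread.
    # Anything that is not six hex octets is left to the other modules
    # and never reaches the macauth table.
    if (&User-Name =~ /^([0-9a-f]{2}[-:]){5}[0-9a-f]{2}$/i) {

        # Keep one canonical spelling so AA-BB-.. and aa-bb-.. are the same device.
        update control {
            &Tmp-String-0 := "%{tolower:%{User-Name}}"
        }

        # Look the device up: the result is its group, or "" when unknown.
        update control {
            &Tmp-String-1 := "%{sql:SELECT usergroup FROM macauth WHERE macaddress = '%{control:Tmp-String-0}' LIMIT 1}"
        }

        if (&control:Tmp-String-1 == "") {
            # First sighting: register with the default group from the thread.
            # Named columns let MariaDB fill in id and reg_date itself.
            update control {
                &Tmp-String-2 := "%{sql:INSERT INTO macauth (macaddress, usergroup) VALUES ('%{control:Tmp-String-0}', '5min')}"
                &Tmp-String-1 := "5min"
            }
        }

        # Hypothetical mapping: group "5min" is taken to mean 300 seconds.
        if (&control:Tmp-String-1 == "5min") {
            update reply {
                &Session-Timeout := 300
            }
        }

        update control {
            &Auth-Type := Accept
        }
    }
}
```

Because every device that presents a well-formed MAC is accepted and stored, the `macauth` table is a record of who connected, not an access control list; a unique key on `macaddress` keeps concurrent first requests from creating duplicate rows.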