How to deal with device self-registration best?

Alan DeKok aland at deployingradius.com
Wed Jan 29 15:14:46 CET 2020


On Jan 29, 2020, at 2:26 AM, Nilsson, Cristian (Göteborg) <Cristian.Nilsson at eltelnetworks.se> wrote:
> While your way definitely seems like the best way I don't think we have that option with extreme wing controllers.

  That makes it harder.

> Where would I start looking to modify the access-accept/reject function of freeradius?
> 
> My idea is to do the normal check and if failed just insert into the database.

  Since this is a specialized use-case, I would suggest creating a specialized table in SQL.  There's no need to use the default schema, which is complicated.

  Just create a table of known MACs, and then run SQL queries from unlang:

authorize {
	...

	if ("%{sql:SELECT mac FROM table WHERE mac = '%{User-Name}}" != "") {
		#
		#  Just run an SQL INSERT with some magic unlang so that it runs
		#
		update control {
			Tmp_String-0 := "%{sql:INSERT into table MAC = '%{User-Name}'}"
		}
	}
	...
}

  You will need to create the table, set the correct permissions, and fix the queries for your SQL server.  But that's the basic idea.

  Alan DeKok.




More information about the Freeradius-Users mailing list