Wonderful !! quality of information was superb. Understood !! Thanks / Regards RM -- On Fri, Sep 26, 2014 at 2:58 PM, Alan DeKok <aland@deployingradius.com> wrote:
Russell Mike wrote:
i wish to process authentication section before authorization & then accounting. We want to authenticate CPE (Motorola SM) using EAP (working) and then authorize using MAC address from a database. if not found, redirect to a URL.
That can be done in the post-auth section. EAP uses multiple round trips, so you *don't* want to be looking up the MAC in the DB for every packet. Once is good enough.
You can just put a SELECT statement into post-auth:
post-auth { ...
if ("%{sql:SELECT ...}") { # found } else { # re-direct to URL ??? } ... }
Put the MAC into a table by itself. There's no need to use the standard FreeRADIUS schema. A simpler one can be simpler.
And RADIUS doesn't do URL redirection. The AP has to support that. So if the AP documentation doesn't say it does URL redirection... it's not possible.
That's what hotspots are for. They can do IP layer filtering and redirection. It's impossible to do that in standard RADIUS.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html