Aaron Jansen wrote:
For a user FreeRADIUS should check the user name, password, and the MAC address. The MAC address can be one of many in a list stored in a database. So, this is not about a single user logging in on only one device.
I have taken a look at the rad(group)check table, but it seems that ALL attributes should check out alright for the user to be authenticated. So, I cannot just simply add a list of all possible user/MAC combinations.
The existing tables are for specific purposes. If you need something else, don't use them.
How can I best achieve this? Any help would be appreciated.
Create a table just for MAC addresses. Then, do: authorize { ... if ("%{sql:SELECT mac FROM mac_table WHERE...}") { # mac is known } else { # mac is unknown } ... } Run the SQL select by hand until you get it working, and then add it to the configuration file.