OK, It's 3 AM but I've found a way to store the inner auth id (username) and the outer request's MAC: post-auth { if (!request:Calling-Station-Id ) { update request { Calling-Station-Id = "%{outer.request:Calling-Station-Id}" } sql } } What this does is: if Calling-Station-Id is missing (at least with my NAS it is), then copy it from the outer request. Then log to SQL database. This also avoids logging anonymous requests (otherwise for each auth request two records are generated). Now I would like to know if this looks like it will work. Thanks, Hernan On Sun, Sep 27, 2015 at 2:15 AM, Hernán Freschi <hjf@hjf.com.ar> wrote:
I would like to authenticate WiFi users with EAP and assign an IP address based on their username. I realize this is a two step process: first, the user must be authenticated with EAP. Once this is done, the user will request an IP address via DHCP. But there is no connection between the EAP username, and the client's MAC address which EAP uses.
With EAP, the MAC address is the Calling-Station-ID for the Anonymous identity. The tunneled identity has no ID.
Is it possible to use the post-auth section to log both username and MAC, so the DHCP module can look up the username from MAC address, and assign the address from the right pool? By default the post-auth module writes two records to the radpostauth table: one, from the anonymous identity with the Calling-Station-ID set to the MAC address, and another, for the tunneled identity, with an empty calling ID.
Thanks, Hernan