Hello, Thank you for reply! I am however not really sure I completely understand how to bind this new table to also take into consideration accounting. I have created a new table inside "radius" db: MariaDB [radius]> describe macauth; +------------+-----------------+------+-----+-------------------+-----------------------------+ | Field | Type | Null | Key | Default | Extra | +------------+-----------------+------+-----+-------------------+-----------------------------+ | id | int(6) unsigned | NO | PRI | NULL | auto_increment | | macaddress | varchar(17) | NO | | NULL | | | usergroup | varchar(64) | NO | | NULL | | | reg_date | timestamp | NO | | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP | +------------+-----------------+------+-----+-------------------+-----------------------------+ 4 rows in set (0.00 sec) I have edited _sites-enabled/default_ "authorize {" section and added: if ("%{sql:SELECT COUNT(macaddress) FROM macauth WHERE macaddress = '%{User-Name}'}" != 0) { update control { Auth-Type := "Accept" } } else { %{sql:INSERT INTO macauth VALUES (0, '%{User-Name}', '5min', NULL)} } Now this does work, the user is allowed and I see an entry made in table macauth for each new device. I am not sure this is a good or a bad way to accept users thou... And I am now quite clueless as of how to bind this into accounting also... I need to give users some attributes to handle session timers etc. (they would in this case need to match group "5min"). If you could so kindly give me a direction here also I would much appreciate it! Br, Cristian -----Original Message----- From: Freeradius-Users <freeradius-users-bounces+cristian.nilsson=eltelnetworks.se@lists.freeradius.org> On Behalf Of Alan DeKok Sent: den 29 januari 2020 15:15 To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: How to deal with device self-registration best? On Jan 29, 2020, at 2:26 AM, Nilsson, Cristian (Göteborg) <Cristian.Nilsson@eltelnetworks.se> wrote:
While your way definitely seems like the best way I don't think we have that option with extreme wing controllers.
That makes it harder.
Where would I start looking to modify the access-accept/reject function of freeradius?
My idea is to do the normal check and if failed just insert into the database.
Since this is a specialized use-case, I would suggest creating a specialized table in SQL. There's no need to use the default schema, which is complicated. Just create a table of known MACs, and then run SQL queries from unlang: authorize { ... if ("%{sql:SELECT mac FROM table WHERE mac = '%{User-Name}}" != "") { # # Just run an SQL INSERT with some magic unlang so that it runs # update control { Tmp_String-0 := "%{sql:INSERT into table MAC = '%{User-Name}'}" } } ... } You will need to create the table, set the correct permissions, and fix the queries for your SQL server. But that's the basic idea. Alan DeKok. - List info/subscribe/unsubscribe? See https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C70df29cb73df43cf7d5c08d7a4c5a7d4%7C9efbd86ae4b1487daab00eb074722602%7C0%7C0%7C637159041140069045&sdata=i89NMVFbUp4HiNNAXvX4Qopof%2FSqb%2FilWr21BRY4BH4%3D&reserved=0