On Sep 1, 2017, at 8:58 AM, Adam Cage <adamcage27@gmail.com> wrote:
Dear, thank you, LDAP authorization works OK now. Using outer.request was the solution!!!
That's good.
At the moment I have this scenario:
AD authentication --> OK LDAP group and SSID authorization --> OK
Is it possible to add and SQL authorization in order to query a remote MySQL DB searching for MAC Addresses defined in a whitelist table ???
Sure. Just add an SQL query to the configuration: if ("%{sql:SELECT ... }") { ... } Run the SELECT manually. Use Calling-Station-ID for the MAC address, or if that attribute has the SSID in it, add "rewrite_called_station_id" in the "authorize" section, before the SQL SELECT.
If the MAC Address is in the table, and the group and SSID are OK with the LDAP authorization section, finally the user can access the WiFi network.
In the affirmative case, do I have to install a new freeradius package?
You will need to be sure that rlm_sql is installed. You may need to install v3. Honestly, just install 3.0.15, and go with that.
And which extra files do I have to edit ?
You will need to edit raddb/sites-enabled/default, and also the raddb/mods-enabled/sql Alan DeKok.