Rlm_sql in freeradius-1.1.7
Dashamir Hoxha
dhoxha at albaniaonline.net
Fri Jan 18 09:13:35 CET 2008
Orion wrote:
> +----+----------+--------------------+----+--------------+
> | id | username | attribute          | op | value        |
> +----+----------+--------------------+----+--------------+
> |  1 | orioni   | Called-Station-Id  | == | 001bd136e285 |
> |  2 | orioni   | Cleartext-Password | := | test         |
> |  3 | orioni   | Simultaneous-Use   | := | 2            |
> +----+----------+--------------------+----+--------------+
>
> .
>
> you can put to record for 'Called-Station-Id'
> with the mac addresses of the Access Points from
> which the client is allowed to login.

Thank you, Orion. Your suggestion is useful, it works.
I had made up my mind that the best way is to do it with
groups and I was not looking at the simple solutions.

However, the solution that you suggest has a restriction.
It can be used for only 1 NAS (a user can authenticate
himself at only one access point). However I would like the
user to be able to access the internet through several
access points.

This can be done if we use the attribute Called-Station-Id
(or NAS-Identifier) with the operator '=~' and a value like
this: (00-1b-d1-36-e2-85|11-1b-d1-36-e2-86|22-1b-d1-36-e2-87)
This is a regular expression that will match the attribute
if its value is one of those that are listed.

This solution still has a restriction. Since the value of
an attribute is varchar(253), it cannot contain more than 14
MACs listed. So, a user cannot use more than 14 access points
for connecting to the internet. For the time being this is
acceptable for me, however I am still looking for other
solutions. I am also planning to try freeradius 2.

Regards,
Dashamir
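
Added example, not part of the original message and not FreeRADIUS code: a small Python helper that builds the '=~' value described above from a list of access-point MACs and refuses a value longer than the 253-character column. The function names are hypothetical, Python's re stands in for the server's regex engine, and the NAS is assumed to send Called-Station-Id in the lower-case dashed form used in the message.

```python
import re

VALUE_MAX = 253  # width of the radcheck value column, as stated in the message

def normalize_mac(mac):
    """Return a MAC as lower-case hex pairs joined by '-', the style used in the message."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_value(macs, anchored=False):
    """Build the '=~' value for a set of access points; refuse what the column would truncate."""
    unique = sorted({normalize_mac(m) for m in macs})
    if not unique:
        raise ValueError("no access points given")
    value = "(" + "|".join(unique) + ")"
    if anchored:
        # An unanchored pattern matches anywhere inside the attribute value.
        value = "^" + value + "$"
    if len(value) > VALUE_MAX:
        raise ValueError(f"{len(value)} characters for {len(unique)} MACs exceeds {VALUE_MAX}")
    return value

def max_macs(anchored=False):
    """Largest n with 17*n + (n - 1) + overhead <= VALUE_MAX."""
    overhead = 4 if anchored else 2  # parentheses, plus '^' and '$' when anchored
    return (VALUE_MAX - overhead + 1) // 18

def is_allowed(value, called_station_id):
    """Approximate the server-side check with Python's re (assumption: same result for this simple pattern)."""
    return re.search(value, called_station_id) is not None

if __name__ == "__main__":
    # The three access points from the message, written in three input styles.
    aps = ["001bd136e285", "11:1B:D1:36:E2:86", "22-1b-d1-36-e2-87"]
    value = build_value(aps)
    print("radcheck row: orioni | Called-Station-Id | =~ |", value)
    print("limit:", max_macs(), "MACs unanchored,", max_macs(anchored=True), "anchored")
    print(is_allowed(value, "11-1b-d1-36-e2-86"), is_allowed(value, "33-1b-d1-36-e2-88"))
```

Fourteen dashed MACs with separators and parentheses come to exactly 253 characters, which is where the limit of 14 comes from. Anchoring the pattern with '^' and '$' leaves room for 13.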