MAC-Authentication from Mysql
Arran Cudbard-Bell
a.cudbardb at googlemail.com
Mon Nov 22 20:12:27 CET 2010
>
> I don't know how to call the sql module for read the list users from mysql. If I put in that section the sql instruction I don't know how compare the sql results with the Calling-Station-Id that the NAS return in the request.
>
> Another thing is that I don't know why the authorization is made in post-auth section.
Because technically authorisation should be performed after authentication, and the server really has it the wrong way round.
Just change the files call in post-auth to be sql.authorize and check for the correct return code...
Or use SQL XLAT...
post-auth{
if(%{sql:SELECT COUNT(*) FROM `authorized_macs` WHERE `mac_address` == "%{Calling-Station-ID}"} > 0){
ok
}
else{
reject
}
}
You'll have to build the tables yourself, but thats not hard...
-Arran
More information about the Freeradius-Users
mailing list