MAC-Authentication from Mysql

Arran Cudbard-Bell a.cudbardb at
Mon Nov 22 20:12:27 CET 2010

> I don't know how to call the sql module for read the list users from mysql. If I put in that section the sql instruction I don't know how compare the sql results with the Calling-Station-Id that the NAS return in the request.
> Another thing is that I don't know why the authorization is made in post-auth section.

Because technically authorisation should be performed after authentication, and the server really has it the wrong way round.

Just change the files call in post-auth to be sql.authorize and check for the correct return code...

Or use SQL XLAT... 

	if(%{sql:SELECT COUNT(*) FROM `authorized_macs` WHERE `mac_address` == "%{Calling-Station-ID}"} > 0){

You'll have to build the tables yourself, but thats not hard...


More information about the Freeradius-Users mailing list