freeradius, Calling-Station-Id

Scott Lambert lambert at
Wed Sep 5 20:46:23 CEST 2012

On Wed, Sep 05, 2012 at 09:53:49PM +0400, ZZ Wave wrote:
> Help me please. Can't figure out how to authenticate my PBX calls only by
> Calling-Station-Id attribute, without username. /etc/raddb/users is useless
> here, right?
> Here's "radiusd -X > debug.txt" output:

In the authorize section of my sites-avail/default configuration,
I have code which updates the username before doing an sql module

I suspect you could do something like that for your authorize section
depending on where you store your user authentication information.
If I am correct, I think it would look something like: (untested)

authorize {
        if ( "%{User-Name}" =~ //) {  #User-Name is empty
            update request {
              User-Name := "%{Calling-Station-Id}"



Maybe the update request stuff should go in modules/preprocess?  I,
personally, would probably leave it in authorize{} to have my local
changes spread into as few files as possible.

Then your user file or other backend could have Calling-Station-Id
values as usernames and set "Auth-Type := Accept" to get around not
having a password.

In my MySQL database's radcheck table, that looks like:

| id     | username          | attribute | op | value  |
| 284803 | test              | Auth-Type | := | Accept |

Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert at

More information about the Freeradius-Users mailing list