Check Chillispot-VLAN-Id
Stuart Baggs
stuart at bwc.im
Tue Nov 5 08:43:47 CET 2013
Hi All
First post from a longtime reader / free radius user. We have CoovaChilli (a Wi-Fi captive portal program) tied together with FreeRadius for AAA. When an access request is sent to FreeRadius, Coova-Chill sends an attribute called Chillispot-VLAN-Id. What I’d like to do is check this attribute at the time of user login and make sure they’re allowed to be on a certain VLAN.
I was thinking of having a custom check attribute in the radgroupreply table with something like Permitted-VLANS := 1,2,3,4
All I need free radius to do is ignore the check if there is not Permitted-VLANS attribute for that user or, if specified, make sure Chillispot-VLAN-Id is contained within Permitted-VLANS.
We do this to stop users in certain locations from gaining access. Traditional huntgroups won’t work for us as we’re using a single NAS for all areas.
Thanks in advance
Stuart
More information about the Freeradius-Users
mailing list