NAP with freeradius
Alan DeKok
aland at deployingradius.com
Fri Nov 14 14:46:10 CET 2014
Zulzig wrote:
> Can somebody tell me if it is possible to use a function that allows
> me to add a condition based on the last authorization of the computer?
> For example, if the last authorization is more than X days ago, the
> computer will be on another VLAN.
Yes. BUT that information has to be stored in a database.
i.e. when a user is authorized, you need to run an SQL query to update
the database. It can be a simple 2 column table of username and last
authentication time.
Then when the server receives an Access-Request, run an SQL query to
check that entry. If it exists and is more than X days in the past, put
them into a different VLAN.
> On the MySQL server, the radusergroup of the user is modified.
You shouldn't do that. This should be a separate policy.
Alan DeKok.
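
The policy described in the reply above, as an added example that is not part of the original message and is not FreeRADIUS code. It assumes a table named last_auth, a 30-day threshold and VLAN IDs 10 and 99, with SQLite standing in for the SQL server.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=30)            # "X days"; 30 is an assumed value
NORMAL_VLAN, STALE_VLAN = "10", "99"    # assumed VLAN IDs

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    # Separate two-column policy table (hypothetical name); radusergroup is untouched.
    db.execute("CREATE TABLE IF NOT EXISTS last_auth ("
               "username TEXT PRIMARY KEY, last_auth INTEGER NOT NULL)")
    return db

def record_auth(db, username, now):
    """After a successful authorization: store the new timestamp."""
    # Bound parameters: User-Name comes from the client and is untrusted.
    db.execute("INSERT OR REPLACE INTO last_auth (username, last_auth) VALUES (?, ?)",
               (username, int(now.timestamp())))
    db.commit()

def vlan_for_request(db, username, now):
    """On Access-Request: entry exists and is older than MAX_AGE -> other VLAN."""
    row = db.execute("SELECT last_auth FROM last_auth WHERE username = ?",
                     (username,)).fetchone()
    if row is None:                     # no entry yet: the stale rule does not apply
        return NORMAL_VLAN
    age = now - datetime.fromtimestamp(row[0], tz=timezone.utc)
    return STALE_VLAN if age > MAX_AGE else NORMAL_VLAN

def reply_attributes(vlan):
    """Standard RADIUS attributes (RFC 3580) that carry a VLAN assignment."""
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": vlan}

if __name__ == "__main__":
    db = open_db()
    t0 = datetime(2014, 11, 14, tzinfo=timezone.utc)   # constructed sample data
    record_auth(db, "host/pc1.example.org", t0)
    for days in (5, 31):
        vlan = vlan_for_request(db, "host/pc1.example.org", t0 + timedelta(days=days))
        print(days, reply_attributes(vlan))
```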