Authentication and Content filter

Pablo Umanzor info at redlibre.cl
Fri Jul 24 06:25:35 CEST 2015


"filter-id" attribute could be the key

try using a radgroupreply with attribute: filted-id , value : aclfreesurf
and name groupfree

your users that match this rule obviously must to be into groupfree
radusergroup

the above if you have FR+sql




then if your hotspot is a mikrotik for example , you have to make a filter
rule with hotspot chain, action: jump, jump target :groupfree
at the end  the groupfree rule will be your ac

regards
pablou

2015-07-22 11:37 GMT-03:00 Andrés Gómez <andres.gomez.ruiz at gmail.com>:

> Thanks a lot Fernando!
>
> My NAS can use D-VLAN, but only with MAC or 802.1x authentication, not with
> Web authenticacion.
>
> I think Squid is the answer, but I cant understand how does It work with
> freeradius,
>
> Regards
>
> 2015-07-22 8:38 GMT-05:00 Fernando Pizarro <feanpg at gmail.com>:
>
> >
> > El 22/07/15 a las 15:04, Andrés Gómez escribió:
> >
> >> Hi everybody!!
> >>
> >> I'm using a captive portal + freeradius + mysql to do AAA of users in a
> >> private network. All work great. I can set timeout, up/down speed, etc.,
> >> by
> >> groups/profiles (using tables groupradcheck, grouradreply, etc in my
> mysql
> >> DB). But Now I need to do an extra control. I need to implement a
> content
> >> control based on the freeradius's user profiles.
> >>
> >> I mean.
> >> User of group1 can surf only on some list of websites.
> >> User of group2 can surf only on .edu domines.
> >> User of group3 have free surf.
> >>
> >> I know it's not a task of freeradius to do content filter, but I have
> seen
> >> than can do some integration with another free servers like Squid.
> >>
> >> I appreciate if you can give me your advices.
> >>
> >> Regards,
> >>
> >>  Sorry, I can try explain better.
> >
> > If you freeradius act like router between your private network and
> > Internet. Create diferent VLANs on the machine and add in your profiles
> > Dynamic VLAN attributes for the groups.
> >
> > On Squid, create diferent ACLs for the radius profile with your filters.
> >
> > Sorry for my language.
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
>
> --
> *C. Andrés Gómez R.*
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


More information about the Freeradius-Users mailing list