Authentication and Content filter

Vijay S vijay.hcr at gmail.com
Fri Jul 24 07:09:20 CEST 2015


In order to give you precise suggestion you have to mention What NAS you
are using .
Just few clues you can give different ip addresses to these clients and
then create firewall rules based on source destination this would be the
easiest trick.


Regards
Vijay A.

On Friday, July 24, 2015, Pablo Umanzor <info at redlibre.cl> wrote:

> "filter-id" attribute could be the key
>
> try using a radgroupreply with attribute: filted-id , value : aclfreesurf
> and name groupfree
>
> your users that match this rule obviously must to be into groupfree
> radusergroup
>
> the above if you have FR+sql
>
>
>
>
> then if your hotspot is a mikrotik for example , you have to make a filter
> rule with hotspot chain, action: jump, jump target :groupfree
> at the end  the groupfree rule will be your ac
>
> regards
> pablou
>
> 2015-07-22 11:37 GMT-03:00 Andrés Gómez <andres.gomez.ruiz at gmail.com
> <javascript:;>>:
>
> > Thanks a lot Fernando!
> >
> > My NAS can use D-VLAN, but only with MAC or 802.1x authentication, not
> with
> > Web authenticacion.
> >
> > I think Squid is the answer, but I cant understand how does It work with
> > freeradius,
> >
> > Regards
> >
> > 2015-07-22 8:38 GMT-05:00 Fernando Pizarro <feanpg at gmail.com
> <javascript:;>>:
> >
> > >
> > > El 22/07/15 a las 15:04, Andrés Gómez escribió:
> > >
> > >> Hi everybody!!
> > >>
> > >> I'm using a captive portal + freeradius + mysql to do AAA of users in
> a
> > >> private network. All work great. I can set timeout, up/down speed,
> etc.,
> > >> by
> > >> groups/profiles (using tables groupradcheck, grouradreply, etc in my
> > mysql
> > >> DB). But Now I need to do an extra control. I need to implement a
> > content
> > >> control based on the freeradius's user profiles.
> > >>
> > >> I mean.
> > >> User of group1 can surf only on some list of websites.
> > >> User of group2 can surf only on .edu domines.
> > >> User of group3 have free surf.
> > >>
> > >> I know it's not a task of freeradius to do content filter, but I have
> > seen
> > >> than can do some integration with another free servers like Squid.
> > >>
> > >> I appreciate if you can give me your advices.
> > >>
> > >> Regards,
> > >>
> > >>  Sorry, I can try explain better.
> > >
> > > If you freeradius act like router between your private network and
> > > Internet. Create diferent VLANs on the machine and add in your profiles
> > > Dynamic VLAN attributes for the groups.
> > >
> > > On Squid, create diferent ACLs for the radius profile with your
> filters.
> > >
> > > Sorry for my language.
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> >
> >
> >
> > --
> > *C. Andrés Gómez R.*
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list