SQL replacement for users file
HCC Lists
hcc.lists at gmail.com
Mon Mar 2 23:47:40 CET 2015
Hello
I know that I can use SQL to replace most of what can be done in the
users file. What I want to do is roughly:
test Huntgroup-Name != "WAP", Cleartext-Password := "test",
Auth-Type := Reject
Reply-Message = "Your account is limited to WiFi."
test Cleartext-Password := "test", Huntgroup-Name == "WAP"
Reply-Message = "WiFi enabled."
I have added SQL Huntgroup support by adding the following to
sites-enabled/default right after preprocess.
update request {
Huntgroup-Name := "%{sql:SELECT groupname FROM
radhuntgroup WHERE nasipaddress='%{Client-IP-Address}'}"
}
if(Huntgroup-Name == "") {
update request {
Huntgroup-Name !* ANY
}
}
The idea is to limit some accounts to WiFi only using WPA2-Enterprise. I
don't want those accounts to be able to connect to the VPN. I am less
worried about the VPN accounts connecting to the WiFi.
What I cannot figure out is what combination of entries in the radcheck,
radgroupcheck, radgroupreply, and radreply will do this.
I have in radcheck:
Username | Attribute | op | Value
---------+---------------------+----+---------
test | Cleartext-Password | := | test
In radgroupcheck
GroupName | Attribute | op | Value
----------+----------------+----+---------
WAP | Huntgroup-Name | == | WAP
In radgroupreply
GroupName | Attribute | op | Value
----------+---------------+----+----------------
WAP | Reply-Message | = | WiFi enabled.
I have nothing specific in radcheck. I have tried more combinations that
I can remember with no success.
I am hoping I can do this in SQL, but I suppose I can figure out how to
do it using unlang.
Michael
More information about the Freeradius-Users
mailing list