Username OR Serial Number

Matthew Newton mcn4 at leicester.ac.uk
Tue Nov 29 16:51:51 CET 2016


On Tue, Nov 29, 2016 at 10:27:58AM -0500, David Teston wrote:
> I'd like to enable users to enter their username OR serial number as the
> &User-Name variable, then let /policy.d/filter determine how to process it.
> This would also require that I add an attribute in the radcheck table and
> restructure my SQL queries.
> 
> The serial number is stored as text. All users know their serial numbers,
> but not all users have a username which is how this issue arose.

Haven't got a great deal of info about your setup, but I guess
you've got somewhere a record with a serial number, password and
optional user name.

So unlang that looks at the User-Name and if it looks like a
serial number, do the appropriate sql/ldap/other database lookup
to pull that password into Cleartext-Password. Otherwise if it
doesn't look like a serial number, look up the username instead
(watching the null case).

Or alternatively, if you detect username not being a serial
number, do some unlang to pull the correct appropriate serial
number and replace the User-Name attribute with that, then proceed
as normal.

This sort of thing will work with PAP auth. If you're doing EAP
then you can't rewrite the User-Name so will need to come up with
something else... but same sort of idea. Look up the username
that's relevant based on the form of User-Name you get.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
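
The first approach described in the reply above, sketched as a FreeRADIUS 3.x unlang policy. This is an added example, not configuration from the thread or from either poster. The policy name, the 8 to 12 digit serial format, and the `accounts` table with its `serial` and `password` columns are assumptions, as is an SQL module instance named `sql`.

```unlang
# Added example for FreeRADIUS 3.x; not from the original thread.
# Assumptions (hypothetical): serial numbers are 8-12 digits, usernames are
# never all digits, and table "accounts" has columns serial and password.
# Place in policy.d/ and call "serial_or_username" in the authorize
# section before "pap".
serial_or_username {
	# Null case: a missing or empty User-Name must never reach a lookup.
	if (!&User-Name || (&User-Name == "")) {
		reject
	}
	# Anchored match: only digits reach the SQL expansion below.
	elsif (&User-Name =~ /^[0-9]{8,12}$/) {
		update control {
			&Cleartext-Password := "%{sql:SELECT password FROM accounts WHERE serial = '%{User-Name}'}"
		}
		# Unknown serial: the query expands to an empty string.
		if (&control:Cleartext-Password == "") {
			reject
		}
	}
	# Anything else is treated as a username and left to the normal
	# sql module lookup that follows in authorize.
}
```

Because this sets `control:Cleartext-Password` and leaves `User-Name` untouched, it fits the PAP case the reply describes.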


More information about the Freeradius-Users mailing list