Username OR Serial Number

Matthew Newton mcn4 at
Tue Nov 29 16:51:51 CET 2016

On Tue, Nov 29, 2016 at 10:27:58AM -0500, David Teston wrote:
> I'd like to enable users to enter their username OR serial number as the
> &User-Name variable, then let /policy.d/filter determine how to process it.
> This would also require that I add an attribute in the radcheck table and
> restructure my SQL queries.
> The serial number is stored as text. All users know their serial numbers,
> but not all users have a username which is how this issue arose.

Haven't got a great deal of info about your setup, but I guess
you've got somewhere a record with a serial number, password and
optional user name.

So unlang that looks at the User-Name and if it looks like a
serial number, do the appropriate sql/ldap/other database lookup
to pull that password into Cleartext-Password. Otherwise if it
doesn't look like a serial number, lookup the username instead
(watching the null case).

Or alternatively, if you detect username not being a serial
number, do some unlang to pull the correct appropriate serial
number and replace the User-Name attribute with that, then proceed
as normal.

This sort of thing will work with PAP auth. If you're doing EAP
then you can't rewrite the User-Name so will need to come up with
something else... but same sort of idea. Look up the username
that's relevant based on the form of User-Name you get.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list