Username OR Serial Number

Alan DeKok aland at deployingradius.com
Tue Nov 29 16:55:39 CET 2016


On Nov 29, 2016, at 10:27 AM, David Teston <dteston at georgialibraries.org> wrote:
> 
> I'd like to enable users to enter their username OR serial number as the
> &User-Name variable, then let /policy.d/filter determine how to process it.

  What does that mean?

  When the user logs in, the server gets a User-Name attribute.  It has no idea if the contents are a user name, or a serial number.  It has no idea that user "bob" is really the same person as serial number "123456".

> This would also require that I add an attribute in the radcheck table and
> restructure my SQL queries.

  To do... what?

  Be specific.

> The serial number is stored as text. All users know their serial numbers,
> but not all users have a username which is how this issue arose.
> 
> Any advice would be helpful. Thanks in advance,

  The description of this problem is vague at best.  It's difficult to give advice when you're not clear what you're doing, or what you need.

  Describe the problem not the solution you've came up with.  Describe what you see in a packet.  Give examples.  Describe what you need to happen.  e.g. user "bob" gets the same policy / whatever as user "123456".

  TBH, based on your vague description, the simplest thing to do is to have a table which maps serial numbers to User-Names.  Then, when someone logs in using a serial number, look that up in the table, get the name.  Set the Stripped-User-Name to the name you get from the table.  And then base all of your remaining policies on the real name, e.g. "bob".

  The recommended approach to these issues is to simplify the problem.  Find a way to turn two things into one thing.  Don't increase the complexity by allowing two different things everywhere in the server.  That's a nightmare which will be impossible to maintain or debug.

  Alan DeKok.




More information about the Freeradius-Users mailing list