Authorize all users, and use radius attributes

Alan DeKok aland at
Mon Oct 23 15:16:31 CEST 2017

On Oct 23, 2017, at 9:09 AM, Andrés Gómez <andres.gomez.ruiz at> wrote:
> My network uses a captive portal to show an user information and it has a
> simple "I Accept" button to login. When user clicks thar button, my web
> application sends to the radius server the user MAC address like username
> and the numbers "123456" as password.

  That's a common use-case.

> Because every user must login, I have to authotize every request. So I did
> this in users file:
> DEFAULT Auth-Type := Accept
> Everything works fine!

  That's good.

> I'm using a SQL database, and some of those MAC address are stored in the
> radcheck table and have records in radrepply table in order to use some
> radius attributes like "Session-Timeout = 3600".
> I didn't enable the use of SQL in the authorization section on
> sites-enabled/default because some times the MAC address is not recorded in
> the radcheck table. But nevertheless, I have to authorize it.

  You can still use SQL...

> How can I answer with an Accept response every request, but make a query
> and if exists any record on radrepply table, give those attributes in the
> same response?

  Configure SQL, and use the "sql" module in the "authorize" section.  If the user is found, then their attributes will be returned.  If the user isn't found, they will still be authorized by the "Auth-Type := Accept".

  Alan DeKok.

More information about the Freeradius-Users mailing list