Evaluate Ldap-Group and SSID for WiFi authorization
Alan DeKok
aland at deployingradius.com
Fri Sep 1 15:23:15 CEST 2017
On Sep 1, 2017, at 8:58 AM, Adam Cage <adamcage27 at gmail.com> wrote:
>
> Dear, thank you, LDAP authorization works OK now. Using outer.request was
> the solution!!!
That's good.
> At the moment I have this scenario:
>
> AD authentication --> OK
> LDAP group and SSID authorization --> OK
>
> Is it possible to add and SQL authorization in order to query a remote
> MySQL DB searching for MAC Addresses defined in a whitelist table ???
Sure. Just add an SQL query to the configuration:
if ("%{sql:SELECT ... }") {
...
}
Run the SELECT manually. Use Calling-Station-ID for the MAC address, or if that attribute has the SSID in it, add "rewrite_called_station_id" in the "authorize" section, before the SQL SELECT.
> If
> the MAC Address is in the table, and the group and SSID are OK with the
> LDAP authorization section, finally the user can access the WiFi network.
>
> In the affirmative case, do I have to install a new freeradius package?
You will need to be sure that rlm_sql is installed.
You may need to install v3. Honestly, just install 3.0.15, and go with that.
> And
> which extra files do I have to edit ?
You will need to edit raddb/sites-enabled/default, and also the raddb/mods-enabled/sql
Alan DeKok.
More information about the Freeradius-Users
mailing list