Evaluate Ldap-Group and SSID for WiFi authorization
Adam Cage
adamcage27 at gmail.com
Mon Sep 4 15:09:37 CEST 2017
Dear Alan, thanks for your response....just two things for the moment:
> You may need to install v3. Honestly, just install 3.0.15, and go with
that.
Ok, but can I use my current server with version 2.2.5 in order to test the
SQL authorization or the use of version 3.x is mandatory ???
> You will need to edit raddb/sites-enabled/default, and also the
raddb/mods-enabled/sql
Now I have edited default and inner-tunnel files, but you tell me to edit
just default (and also sql module)...inner-tunel is not necessary???
Really thanks, regards!
ADAM
2017-09-01 10:23 GMT-03:00 Alan DeKok <aland at deployingradius.com>:
> On Sep 1, 2017, at 8:58 AM, Adam Cage <adamcage27 at gmail.com> wrote:
> >
> > Dear, thank you, LDAP authorization works OK now. Using outer.request was
> > the solution!!!
>
> That's good.
>
> > At the moment I have this scenario:
> >
> > AD authentication --> OK
> > LDAP group and SSID authorization --> OK
> >
> > Is it possible to add and SQL authorization in order to query a remote
> > MySQL DB searching for MAC Addresses defined in a whitelist table ???
>
> Sure. Just add an SQL query to the configuration:
>
> if ("%{sql:SELECT ... }") {
> ...
> }
>
> Run the SELECT manually. Use Calling-Station-ID for the MAC address, or
> if that attribute has the SSID in it, add "rewrite_called_station_id" in
> the "authorize" section, before the SQL SELECT.
>
> > If
> > the MAC Address is in the table, and the group and SSID are OK with the
> > LDAP authorization section, finally the user can access the WiFi network.
> >
> > In the affirmative case, do I have to install a new freeradius package?
>
> You will need to be sure that rlm_sql is installed.
>
> You may need to install v3. Honestly, just install 3.0.15, and go with
> that.
>
> > And
> > which extra files do I have to edit ?
>
> You will need to edit raddb/sites-enabled/default, and also the
> raddb/mods-enabled/sql
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
More information about the Freeradius-Users
mailing list