Check on ADSL-Agent-Remote-Id instead of username

Alan DeKok aland at deployingradius.com
Wed Apr 11 17:08:00 CEST 2018


On Apr 11, 2018, at 10:53 AM, Marijn van Gool <marijn.vangool at comsave.com> wrote:
> 
> We’ve been using freeradius for a couple of years now and have expanded to connectiong users via PPPoE.
> Currently we give our customers a username and password whether they are authorized to connect.
> We want to change this to ADSL-Agent-Remote-Id, an attribute we see in the Access-Request packet.

  That should be simple...

	if (ADSL-Agent-Remote-Id == ...) {
		update control {
			Auth-Type := Accept
		}
	}

  Thought to be honest, it's probably best to just put those remote IDs into an SQL table, and just use a SELECT to match it.

	if ("%{sql:SELECT agent_remote_id FROM table WHERE agent_remote_id = %{ADSL-Agent-Remote-Id}}" != "") {
		update control {
			Auth-Type := Accept
		}
	}

  You'll have to edit the SQL query, of course.

> We are using this version of freeradius: 
> 
> root at server1:~# freeradius -v
> freeradius: FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Aug 26 2015 at 14:47:03
> 
> We will upgrade to a version beyond 3.x.x soon.

  You should be able to upgrade to 2.2.10 without any configuration changes.  That version has many, many, fixes over 2.1.12.

  Alan DeKok.




More information about the Freeradius-Users mailing list