Freeradius Restrict User Auth Request Based on VLAN
Alan DeKok
aland at deployingradius.com
Wed Jan 17 10:15:44 CET 2018
On Jan 17, 2018, at 2:12 AM, JAHANZAIB SYED <aacable at hotmail.com> wrote:
>
> We have Mikrotik as NAS and Freeradius as billing. VLAN are configured for each dealer's area. We have few reseller/franchise managers, like Dealer-A, Dealer-B. They can create there own users in freeradius using fronted designed in php. All dealers can view/edit there own users only.
>
> Sometimes it happens that Dealer-A creates ID and give it to a user/friend who is sitting in Dealer-B network, therefore from Billing perspective its a Loss of Dealer-B.
>
> Can we impose some restriction so that User-ID's created by each dealer should be able to connect only from his network (or from there own VLAN) only.
Sure. You need to update your DB schema and queries tho.
- put the NASes into groups (dealer-A, dealer-B, etc.)
- ensure that the users are somehow associated with different dealers
- on login, look up dealer of NAS (call this NAS-dealer)
- on login, lookup dealer of user (call this User-Dealer)
- if User-dealer != NAS-dealer, then reject
More details can't be given, because your question is very high level.
Alan DeKok.
More information about the Freeradius-Users
mailing list