Freeradius Restrict User Auth Request Based on VLAN
Nathan Ward
lists+freeradius at daork.net
Thu Jan 18 00:48:00 CET 2018
> On 18/01/2018, at 12:47 AM, JAHANZAIB SYED <aacable at hotmail.com> wrote:
>
> Respected Nathan Ward,
>
>
> I just tested following & worked ok,
Awesome !
> if ("%{sql: select vlanid from users where username = '%{User-Name}'}" != "%{NAS-Port-Id}") {
> update reply {
> Reply-Message = 'You are not allowed to connect from this VLAN'
> }
> update control {
> Auth-Type := "Reject"
> }
> }
>
> Any suggestions to improve this? is this approach OK?
Looks OK to me.
> can I make module for it ? and based on return result , take action? in checkval/expiration modules?
What do you mean “make a module for it” - you can make modules for anything you want.
Don’t use checkval: http://networkradius.com/doc/3.0.10/upgrading/deleted-modules.html <http://networkradius.com/doc/3.0.10/upgrading/deleted-modules.html>
What do you want the expiration module to do here exactly?
--
Nathan Ward
More information about the Freeradius-Users
mailing list