Additional Step for Authentication

Alan Buxey alan.buxey at gmail.com
Fri Mar 16 14:06:41 CET 2018


All depends on the NAS . Obviously you send back an access accept to let
the device know the user can login, reject otherwise. You can send the
session time allowed to the NAS if its capable. For API usage, that's up to
you how you integrate eg with perl, python etc but faster and easier
results if you can just pull the value out with LDAP :)

On Fri, 16 Mar 2018, 12:10 Christian Becerra, <chris at sapomiami.com> wrote:

> Good Morning
>
> We have FreeRadius authenticating users via AD.  We want to perform an
> additional step of Authorization based on "Time Allowed to Login"
>
> We have an API that will already check if the User is allowed in based on
> their login time.
>
> What documentation can I look at to create the script?  Basically if
> FreeRadius checks AD and thats good....then to make the additional check
> against our API and then to respond to the NAS that logging in is allowed.
>
> Let me know and I will start to research.
>
> Thanks
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list