Restricting users to their own devices
Sudheer S
sudheer at techchorus.net
Mon Apr 22 18:10:43 CEST 2019
Hello,
I am using Freeradius and I want to restrict users to their own devices.
I have inserted the MAC addresses of the users in the radcheck table with
the attribute Calling-Station-Id. Here's an example:
SELECT * FROM radcheck;
id | username | attribute | op | value
-------+------------+--------------------+----+--------------
23175 | testuser01 | Cleartext-Password | := | password
23177 | testuser01 | Calling-Station-Id | := | aabbccddeefa
23178 | testuser01 | Calling-Station-Id | := | aabbccddeeff
In this case, the user testuser01 has two devices. aabbccddeefa and
aabbccddeeff are their respective MAC addresses.
In the authorize section, I have this snippet:
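if (Calling-Station-Id != "%{sql: SELECT value FROM radcheck WHERE username='%{User-Name}' AND value='%{Calling-Station-Id}'}") {
    # Set the reply first: reject ends processing of this section,
    # so an update placed after it would not run.
    update reply {
        Reply-Message = "Unauthorized device"
    }
    reject
}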
This setup works.
I was wondering whether this is an acceptable way to restrict users to
their own devices.
Initially, I assumed Freeradius would restrict the users based on
Calling-Station-Id in radcheck table. But when I tested, my assumption
was wrong. Therefore, I put up the unlang. Please advise on best
practices to handle such requirements.
-
Sudheer S
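
The device check described in the message above, modeled outside FreeRADIUS as an added example (not code from the original post or from the FreeRADIUS project). It goes one step beyond the posted snippet by normalizing the MAC format before the lookup and by matching only Calling-Station-Id rows. The function names and the in-memory SQLite copy of radcheck are assumptions made for illustration.

```python
import re
import sqlite3

def normalize_mac(value):
    """Reduce a Calling-Station-Id to 12 lowercase hex digits, or None if it is not a MAC."""
    digits = re.sub(r"[-:.\s]", "", value or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def build_radcheck():
    """In-memory copy of the radcheck rows shown in the post (constructed for this example)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,"
               " attribute TEXT, op TEXT, value TEXT)")
    db.executemany("INSERT INTO radcheck VALUES (?, ?, ?, ?, ?)", [
        (23175, "testuser01", "Cleartext-Password", ":=", "password"),
        (23177, "testuser01", "Calling-Station-Id", ":=", "aabbccddeefa"),
        (23178, "testuser01", "Calling-Station-Id", ":=", "aabbccddeeff"),
    ])
    return db

def device_allowed(db, username, calling_station_id):
    """True only if the normalized MAC is registered for this user."""
    mac = normalize_mac(calling_station_id)
    if mac is None:
        return False  # missing or malformed Calling-Station-Id: fail closed
    # Bound parameters keep request data out of the SQL text; the attribute
    # filter makes sure only device rows match, never the password row.
    row = db.execute(
        "SELECT 1 FROM radcheck WHERE username = ?"
        " AND attribute = 'Calling-Station-Id' AND value = ? LIMIT 1",
        (username, mac)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = build_radcheck()
    # Constructed sample requests: (User-Name, Calling-Station-Id as sent by the NAS)
    samples = [("testuser01", "AA-BB-CC-DD-EE-FF"), ("testuser01", "aabb.ccdd.eefa"),
               ("testuser01", "aabbccddee00"), ("testuser02", "aabbccddeeff"),
               ("testuser01", "")]
    for user, csid in samples:
        verdict = "accept" if device_allowed(db, user, csid) else "reject"
        print(f"{user:12} {csid!r:22} -> {verdict}")
```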