Restricting users to their own devices
Dom Latter
freeradius-users at latter.org
Tue Apr 23 18:02:03 CEST 2019
On 22/04/2019 17:10, Sudheer S wrote:
> Hello,
>
> I am using Freeraidius and I want to restrict users to their own devices.
>
> I have inserted the Mac addresses of the users in radcheck table with
> the attribute Calling-Station-Id. Here's an example:
>
> SELECT * FROM radcheck;
> id | username | attribute | op | value
> -------+------------+--------------------+----+--------------
> 23175 | testuser01 | Cleartext-Password | := | password
> 23177 | testuser01 | Calling-Station-Id | := | aabbccddeefa
> 23178 | testuser01 | Calling-Station-Id | := | aabbccddeeff
Our radcheck looks like this.
id | username | attribute | op | value
-------+------------+--------------------+----+--------------
23175 | testuser01 | Cleartext-Password | := | password
23177 | testuser01 | Calling-Station-Id | := | aabbccddeefa
Calling-Station-Id =~ AB-CD-EF-AB-CD-EF|AB-CD-EF-AB-CD-EE|.*
Here we have two stored MAC addresses and a wildcard, which allows
a user to authenticate, but then go on to further processing in unlang /
external script that will (for example) store a third MAC address.
More information about the Freeradius-Users
mailing list