User + Device Authentication to Specific Network
Duncan X Simpson
virtualdxs at gmail.com
Mon Jun 10 07:20:40 CEST 2019
On Jun 8, 2019, at 3:11 AM, Alan DeKok <aland at deployingradius.com> wrote:
> That should be pretty simple. Put the MAC addresses into a database,
> and have FreeRADIUS check the database.
>
> if ("%{sql:SELECT MAC from known_macs WHERE MAC = '%{Calling-Station-Id}'}") {
>     ... add to VLAN 2 ...
> }
> else {
>     ... add to VLAN 1 ...
> }
>
> You'll have to create your own table, and do some more tests. But
> that's the basic idea.
Thank you for the help! I seem to almost have it working, but I've run into
one problem: Attributes don't seem to be expanding. I have the following in
my post-auth section for testing:
update reply {
    Unix-FTP-Shell := "%{Calling-Station-Id}"
}
Every time, Unix-FTP-Shell is set, but it's set to "":
(22) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
(22)   post-auth {
(22)     update reply {
(22)       &Tunnel-Type := VLAN
(22)       &Tunnel-Medium-Type := IEEE-802
(22)     } # update reply = noop
(22)     update reply {
(22)       EXPAND %{Calling-Station-Id}
(22)          -->
(22)       Unix-FTP-Shell :=
(22)     } # update reply = noop
I've swapped out Calling-Station-Id for a couple other things to test
(Tunnel-Type (which I set about 3 lines up) and Service-Type (which came in
with the request)), both with the same results. Why are these not getting
expanded? Is post-auth the wrong place to do this?
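The MAC lookup suggested in the quoted reply compares strings, so the value stored in known_macs and the incoming Calling-Station-Id must be in the same format. The following is an added example, not part of the thread and not FreeRADIUS configuration: it models the same known/unknown VLAN decision in Python with a bound SQL parameter. The table and column names come from the quoted reply; the sqlite database, function names and MAC values are constructed for illustration.

```python
import re
import sqlite3

KNOWN_VLAN, DEFAULT_VLAN = 2, 1  # VLAN numbers used in the quoted reply


def normalize_mac(value):
    """Return a MAC as 12 lowercase hex digits, or None if it is malformed."""
    # NAS devices send AA-BB-CC-DD-EE-FF, aa:bb:cc:dd:ee:ff or aabb.ccdd.eeff.
    digits = re.sub(r"[-:.\s]", "", value or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def vlan_for(conn, calling_station_id):
    """Known MACs go to VLAN 2; everything else, including junk, to VLAN 1."""
    mac = normalize_mac(calling_station_id)
    if mac is None:
        return DEFAULT_VLAN
    # Bound parameter: the attribute value never becomes part of the SQL text.
    row = conn.execute(
        "SELECT 1 FROM known_macs WHERE MAC = ?", (mac,)
    ).fetchone()
    return KNOWN_VLAN if row else DEFAULT_VLAN


def build_demo_db():
    """In-memory table holding constructed sample MACs in normalized form."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE known_macs (MAC TEXT PRIMARY KEY)")
    conn.executemany(
        "INSERT INTO known_macs VALUES (?)",
        [("001122aabbcc",), ("deadbeef0001",)],
    )
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    # Constructed Calling-Station-Id values in several vendor formats.
    for sample in ["00-11-22-AA-BB-CC", "0011.22aa.bbcc",
                   "00:11:22:aa:bb:cd", "", "x' OR '1'='1"]:
        print(repr(sample), "-> VLAN", vlan_for(db, sample))
```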