How to deal with device self-registration best?

Alan DeKok aland at deployingradius.com
Mon Feb 3 16:47:56 CET 2020


On Feb 3, 2020, at 8:18 AM, Nilsson, Cristian (Göteborg) <Cristian.Nilsson at eltelnetworks.se> wrote:
> I am however not really sure I completely understand how to bind this new table to also take into consideration accounting.

  Accounting is completely different from authentication.  

> 
> I have created a new table inside "radius" db:
> 
> MariaDB [radius]> describe macauth;
> +------------+-----------------+------+-----+-------------------+-----------------------------+
> | Field      | Type            | Null | Key | Default           | Extra                       |
> +------------+-----------------+------+-----+-------------------+-----------------------------+
> | id         | int(6) unsigned | NO   | PRI | NULL              | auto_increment              |
> | macaddress | varchar(17)     | NO   |     | NULL              |                             |
> | usergroup  | varchar(64)     | NO   |     | NULL              |                             |
> | reg_date   | timestamp       | NO   |     | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
> +------------+-----------------+------+-----+-------------------+-----------------------------+

  That's good..

> I have edited _sites-enabled/default_ "authorize {" section and added:
> 
> if ("%{sql:SELECT COUNT(macaddress) FROM macauth WHERE macaddress = '%{User-Name}'}" != 0) {
>        update control {
>                Auth-Type := "Accept"
>        }
> }
> else {
>        %{sql:INSERT INTO macauth VALUES (0, '%{User-Name}', '5min', NULL)}
> }

  That should work.

> Now this does work, the user is allowed and I see an entry made in table macauth for each new device.
> I am not sure this is a good or a bad way to accept users thou...

  If it works, it works/

> And I am now quite clueless as of how to bind this into accounting also... I need to give users some attributes to handle session timers etc. (they would in this case need to match group "5min").

  What "group" do you mean?

  You have to write more custom queries here.  It's difficult to give you specific guidance, because it's a complex subject.

  The short answer is that if you're doing custom schemas, you have to write *all* of the queries yourself.  If you use the default schema, everything "just works".  But, the default schema may not do what you need.

  Alan DeKok.




More information about the Freeradius-Users mailing list