How to deal with device self-registration best?

Alan DeKok aland at
Wed Jan 29 01:37:16 CET 2020

On Jan 28, 2020, at 5:16 PM, Nilsson, Cristian (Göteborg) <Cristian.Nilsson at> wrote:
> I have a setup of Extreme Wing wi-fi controller and want to implement a guest-user system with captive-portal and device registration/recognition in combination with the standard pre-defined users.

  Generally speaking, registration is done by the captive portal.  RADIUS doesn't really support that.

> I have a radius server going and everything is good as long as I have a user created in radius.


> Now my challenge is that for "device registration" I see in radius debugs a username sent in form of device mac-address (password is empty) and the expected access-reject as this user is not defined.

  Yes, because the user / device isn't known.

> How can I on the fly add non-existing users into radius database (we use mysql) and from there let accounting take over for session limitations etc?

  While it's possible to update the SQL tables dynamically, it's not recommended.  FreeRADIUS doesn't typically have write permission to the "radcheck" and "radreply" tables, for security reasons.

  My $0.02 is to get the captive portal to update the SQL database.  It's the common practice, and it's the best / simplest way to do it.

  Alan DeKok.

More information about the Freeradius-Users mailing list