allow WLAN-access in certain offices only

radius.pkoch at dfgh.net
Tue Apr 20 19:04:56 CEST 2021


Dear Freeradius experts,

I have just compiled Freeradius from source and read some of the
documentation.
WPA2-EAP works with username bob and password hello.
radiusd -X shows no errors.

Now here's what I would like to achieve and maybe some of you can point
me in the right direction:

We have equipped all of our offices (approx. 100) with separate WLAN
access points. Every employee should be able to access the access point
in their own office and in some of our conference rooms. Every employee
owns an OAuth token that generates a 6-digit one-time password.

Whenever a user tries to access a WLAN access point with his username
and his one-time password, the following should happen:

1) if the password is wrong, access should be denied
2) if the access point is not located in the office of the employee or
   in one of the conference rooms of the employee's department, access
   should be denied

Our central Oracle database has information about the IP address and
location of every access point and the office rooms of every employee.

My first idea was to write a PHP script (because that's the scripting
language I'm familiar with) and use that via rlm_exec. I will do this as
a proof of concept.

Since neither I nor any of my colleagues have Perl experience, I'd rather
write a new module in C than use Perl.

Is there a module that will send all parameters to a unix or inet socket
and receive the results from that socket? How about rlm_socket?

Kind regards

Peter
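
Added example, not part of the original post and not FreeRADIUS code: the two deny rules from the message written as a deny-by-default check in C. The tables are constructed sample data standing in for the Oracle database, the one-time-password result is assumed to be supplied by the caller as `otp_ok`, and all function and field names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data standing in for the central database. */
struct ap { const char *ip, *room, *conf_dept; };  /* conf_dept NULL: office AP */
struct employee { const char *user, *office, *dept; };

static const struct ap APS[] = {
    { "10.0.1.11", "office-101", NULL },
    { "10.0.1.12", "office-102", NULL },
    { "10.0.9.1",  "conf-A",     "sales" },
    { "10.0.9.2",  "conf-B",     "engineering" },
};
static const struct employee EMPLOYEES[] = {
    { "bob",   "office-101", "sales" },
    { "alice", "office-102", "engineering" },
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Rule 2: returns 1 only if the AP is the user's own office or a conference
 * room of the user's department. Unknown users or APs are denied. */
int location_allowed(const char *user, const char *ap_ip)
{
    const struct employee *e = NULL;
    const struct ap *a = NULL;
    size_t i;

    if (user == NULL || ap_ip == NULL)
        return 0;
    for (i = 0; i < COUNT(EMPLOYEES); i++)
        if (strcmp(EMPLOYEES[i].user, user) == 0)
            e = &EMPLOYEES[i];
    for (i = 0; i < COUNT(APS); i++)
        if (strcmp(APS[i].ip, ap_ip) == 0)
            a = &APS[i];
    if (e == NULL || a == NULL)
        return 0;                      /* fail closed on missing records */
    if (a->conf_dept != NULL)          /* conference room: match department */
        return strcmp(a->conf_dept, e->dept) == 0;
    return strcmp(a->room, e->office) == 0;  /* office AP: match own office */
}

/* Rule 1 (password) and rule 2 (location) must both pass. */
int access_decision(int otp_ok, const char *user, const char *ap_ip)
{
    return otp_ok && location_allowed(user, ap_ip);
}

int main(void)
{
    printf("bob at conf-B: %d\n", access_decision(1, "bob", "10.0.9.2"));
    return 0;
}
```

The access point is identified here by its IP address because that is what the database described in the message records; which request attribute carries that address is left as an assumption for the deployment.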



