allow WLAN-access in certain offices only
radius.pkoch at dfgh.net
radius.pkoch at dfgh.net
Tue Apr 20 19:04:56 CEST 2021
Dear Freeradius experts,
I have just compiled Freeradius from source and red some of the
documentation.
WPA2-EAP works with username bob and password hello.
radiusd -X shows no errors.
Now here's what I would like to achive and maybe some of you can point me
into the right direction:
We have equipped all of our offices (approx 100) with seperate WLAN
access points.
Every employee should be able to access the access point in its own
office and
in some of our conference rooms. Every employee owns an OAuth token that
generates a 6digit one time password.
Whenever a user tries to access a WLAN access point with his username
and his one time password the following should happen:
1) if the password is wrong access should be denied
2) if the access point is not located in the office of the employee or
in one
of the conference rooms of the employees department access should be denied
Our central oracle database has information about the ip-address and
location
of every access point and the office rooms of every employee.
My first idea was to write a php-script (because that's the scripting
language
I'm familiar with) and use that via rlm_exec. I will do this as a proof
of concept.
Since neither I nor any of my colleagues have perl-experience I'd rather
write
a new module in C than use perl.
Is there a module that will send all parameters to a unix or inet socket and
receives the results from that socket? How abount rlm_socket?
Kind regards
Peter
More information about the Freeradius-Users
mailing list