check user device mac address without doing mac-auth
Alan DeKok
aland at deployingradius.com
Mon Apr 3 19:09:44 UTC 2023
On Apr 3, 2023, at 1:10 PM, Eby Mani via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> My bad, have used "==" operator with "users" file.
That's good.
> The following in radcheck is working, is it possible to add multiple mac-addr values ?. I tried adding 3rd row with different mac-addr, it did not work.
Please read the SQL module documentation. See the wiki for "rlm_sql". The documentation describes how the module works, and what needs to go into SQL.
You can't just add things to SQL and expect FreeRADIUS to understand what you mean.
>> What you want is s policy which says:
>>
>> if user is X and MAC is not Y
>> reject
>
> Where to add this query ?.
>
> In sites-enabled/default, under authenticate {} or authorize {} section or somewhere else ?.
You can add some "unlang" to the "authorize" section. If you see the sample configuration for sites-available/default, for the difference between "authorize" and "authentication", the location for the rules should be fairly clear.
You can't just put the SQL query into a virtual server, though.
Alan DeKok.
More information about the Freeradius-Users
mailing list