check user device mac address without doing mac-auth
Alan DeKok
aland at deployingradius.com
Tue Apr 4 14:33:09 UTC 2023
O
>
> Have tried adding the following in /sites-enabled/default bottom of "authoriztion { } section", inside "preacct { preprocess } section" and inside "post-auth { } section", any device can connect.
>
> if("%{sql:SELECT COUNT(*) FROM macaddrlist WHERE macaddrlist.username ='%{User-Name}' AND (macaddrlist.macaddr1='%{Calling-Station-Id}' OR macaddrlist.macaddr2='%{Calling-Station-Id}') }" ) {
> ok
> }
> else {
> reject
> }
I'd write that as:
if ("%{sql:SELECT COUNT(*) FROM macaddrlist WHERE macaddrlist.username ='%{User-Name}' AND (macaddrlist.macaddr1='%{Calling-Station-Id}' OR macaddrlist.macaddr2='%{Calling-Station-Id}') }" == "" ) {
reject
}
Just a little simpler.
But I don't see that line in the debug output. So it's not being run, and therefore it's not working.
Make sure that the server is using that configuration, and it should work.
Alan DeKok.
More information about the Freeradius-Users
mailing list