[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Mac Auth and post-auth logging to SQL
From:       Phil Mayers <p.mayers () imperial ! ac ! uk>
Date:       2011-03-29 20:09:20
Message-ID: 4D923C70.9070304 () imperial ! ac ! uk
[Download RAW message or body]

On 03/29/2011 08:52 PM, Jason Antman wrote:
> This makes MUCH more sense, thanks! Now the next (relatively
> new-to-radius) person won't end up as confused as I was.
>
> I have MAC auth working with a SQL data source and custom XLAT to check
> for some special field values in SQL, based on a somewhat custom schema
> (more from the one-row-per-MAC standpoint than using radcheck and

Yeah, we do a similar thing with a database stored procedure to allocate 
an appropriate vlan by mac & location combo; it's basically along the 
lines of:

update control {
   Tmp-String-0 := "%{sql:select .. from proc('%{Calling-Station-Id}')"
}
if (control:Tmp-String-0 =~ /...regexp for SQL result.../) {
   update reply {
     # vlan
     Tunnel-Private-Group-Id := "%{1}"
     Other-Stuff := "%{2}"
   }
}

FreeRadius is damn clever when you grasp it ;o)

> radreply), as well as xlat to include a Username in the reply message.
> When I'm finished with it and have it working, I'll be more than willing
> to pass along my code.

Alan can probably give you a wiki account if you want to document it there.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]