[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Mac Auth and post-auth logging to SQL
From: Phil Mayers <p.mayers () imperial ! ac ! uk>
Date: 2011-03-29 20:09:20
Message-ID: 4D923C70.9070304 () imperial ! ac ! uk
[Download RAW message or body]
On 03/29/2011 08:52 PM, Jason Antman wrote:
> This makes MUCH more sense, thanks! Now the next (relatively
> new-to-radius) person won't end up as confused as I was.
>
> I have MAC auth working with a SQL data source and custom XLAT to check
> for some special field values in SQL, based on a somewhat custom schema
> (more from the one-row-per-MAC standpoint than using radcheck and
Yeah, we do a similar thing with a database stored procedure to allocate
an appropriate vlan by mac & location combo; it's basically along the
lines of:
update control {
Tmp-String-0 := "%{sql:select .. from proc('%{Calling-Station-Id}')"
}
if (control:Tmp-String-0 =~ /...regexp for SQL result.../) {
update reply {
# vlan
Tunnel-Private-Group-Id := "%{1}"
Other-Stuff := "%{2}"
}
}
FreeRadius is damn clever when you grasp it ;o)
> radreply), as well as xlat to include a Username in the reply message.
> When I'm finished with it and have it working, I'll be more than willing
> to pass along my code.
Alan can probably give you a wiki account if you want to document it there.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic