List: freeradius-users
Subject: Re: Special WIFI Router MAC check for the user’s
From: Phil Mayers <p.mayers () imperial ! ac ! uk>
Date: 2011-08-31 13:55:35
Message-ID: 4E5E3D57.2000903 () imperial ! ac ! uk
On 31/08/11 12:38, 2394263740 wrote:
> For example, WIFI AP 26 has the MAC address MAC26. I need to ensure that
> one WIFI user, say user 58, must connect to WIFI AP 26 the first time.
> After the first connection, user 58 can connect to any WIFI AP in the
> network.
> Can someone give some advice on how to do it?
1. Create a whitelist of users who can authenticate to any AP using
files, rlm_passwd or ideally SQL - see the FreeRADIUS wiki
2. If they are *not* found in the whitelist, check the
"Called-Station-Id" attribute, which usually contains the MAC address of
the AP. If your equipment uses a different attribute, check that.
3. If the AP MAC is the correct one, add the user to the whitelist,
else reject
For example:
authorize {
    ...
    update control {
        Tmp-String-0 := "%{sql:select 1 from whitelist where username='%{User-Name}'}"
    }
    if (control:Tmp-String-0 == 1) {
        # user is in whitelist
    }
    elsif (Called-Station-Id == "aa-bb-cc-dd-ee-ff") {
        # user is connecting to the "whitelist" AP
        update control {
            Tmp-String-0 = "%{sql:insert into whitelist (username) values ('%{User-Name}')}"
        }
    }
    else {
        reject
    }
    ...
}
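
A Python model of the three steps above, added here as an illustration; it is not FreeRADIUS configuration and not code from the original message. It normalizes Called-Station-Id before comparing, because RFC 3580 access points send the MAC in upper case with ":SSID" appended, and it records the enrollment only after the credential check has succeeded. The function names, the SQLite table and the sample values are assumptions of this example.

```python
import re
import sqlite3

ENROLL_AP = "aa-bb-cc-dd-ee-ff"  # placeholder MAC from the message above
MAC_RE = re.compile(r"\s*((?:[0-9A-Fa-f]{2}[-:.]?){5}[0-9A-Fa-f]{2})(?![0-9A-Fa-f])")

def ap_mac(called_station_id):
    """Return the AP MAC as lowercase aa-bb-cc-dd-ee-ff, or None.

    Accepts the RFC 3580 form 'AA-BB-CC-DD-EE-FF:SSID' as well as
    colon-separated, dotted and bare-hex spellings.
    """
    m = MAC_RE.match(called_station_id or "")
    if not m:
        return None
    digits = re.sub(r"[^0-9a-f]", "", m.group(1).lower())
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def new_db():
    # In-memory stand-in for the SQL whitelist table (constructed for the example).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE whitelist (username TEXT PRIMARY KEY)")
    return db

def authorize(db, user, called_station_id):
    """Steps 1 and 2: may this request go on to authentication?"""
    hit = db.execute("SELECT 1 FROM whitelist WHERE username = ?", (user,)).fetchone()
    return hit is not None or ap_mac(called_station_id) == ENROLL_AP

def post_auth(db, user, called_station_id, auth_ok):
    """Step 3, run only once the credentials have been verified."""
    if auth_ok and ap_mac(called_station_id) == ENROLL_AP:
        db.execute("INSERT OR IGNORE INTO whitelist (username) VALUES (?)", (user,))
        db.commit()

def handle(db, user, called_station_id, auth_ok):
    """Model one request; auth_ok stands in for the password/EAP result."""
    if not authorize(db, user, called_station_id):
        return "reject"
    post_auth(db, user, called_station_id, auth_ok)
    return "accept" if auth_ok else "reject"

if __name__ == "__main__":
    db = new_db()
    # Constructed requests: (Called-Station-Id, credentials valid?)
    for csid, ok in [("11-22-33-44-55-66:corp", True), ("AA-BB-CC-DD-EE-FF:corp", True),
                     ("11-22-33-44-55-66:corp", True)]:
        print(csid, handle(db, "user58", csid, ok))
```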