
List:       freeradius-users
Subject:    Re: Special WIFI Router MAC check for the user’s
From:       Phil Mayers <p.mayers () imperial ! ac ! uk>
Date:       2011-08-31 13:55:35
Message-ID: 4E5E3D57.2000903 () imperial ! ac ! uk

On 31/08/11 12:38, 2394263740 wrote:

> For example, WIFI AP 26 has the MAC address MAC26. I need to ensure one
> WIFI user, say user 58, must connect to WIFI AP 26 for the first time.
> After the first connection, user 58 can connect to any WIFI AP in the
> network.
> Can someone give some advice on how to do it?

  1. Create a whitelist of users who can authenticate to any AP using 
files, rlm_passwd or ideally SQL - see the FreeRADIUS wiki

  2. If they are *not* found in the whitelist, check the 
"Called-Station-Id" attribute, which usually contains the MAC address of 
the AP. If your equipment uses a different attribute, check that.

  3. If the AP MAC is the correct one, add the user to the whitelist, 
else reject

For example:

authorize {

  ...
  # Look the user up in the whitelist; the result is "1" when a row exists
  update control {
    Tmp-String-0 := "%{sql:select 1 from whitelist where username='%{User-Name}'}"
  }
  if (control:Tmp-String-0 == 1) {
    # user is in whitelist
  }
  elsif (Called-Station-Id == "aa-bb-cc-dd-ee-ff") {
    # user is connecting to the "whitelist" AP
    update control {
      Tmp-String-0 = "%{sql:insert into whitelist (username) values ('%{User-Name}')}"
    }
  }
  else {
    reject
  }
  ...

}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
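
Added example, not part of the original message and not FreeRADIUS code: a Python model of the three steps above that normalises Called-Station-Id before comparing it, since RFC 3580 has 802.11 APs send the MAC in upper case with ":SSID" appended, which an exact string match against "aa-bb-cc-dd-ee-ff" would miss. The function names, the SQLite whitelist table and the sample requests are assumptions made for illustration.

```python
import re
import sqlite3

ENROLL_AP = "aa-bb-cc-dd-ee-ff"  # placeholder MAC from the config above

# Six hex octets with one consistent separator ("-", ":" or none),
# optionally followed by ":SSID" as described in RFC 3580.
_MAC_RE = re.compile(
    r"^([0-9a-f]{2})([-:]?)" + r"([0-9a-f]{2})\2" * 4 + r"([0-9a-f]{2})(?::.*)?$",
    re.IGNORECASE,
)


def normalize_mac(value):
    """Return 12 lowercase hex digits for a Called-Station-Id, else None."""
    m = _MAC_RE.match((value or "").strip())
    return "".join(m.group(1, 3, 4, 5, 6, 7)).lower() if m else None


def authorize(db, username, called_station_id):
    """Mirror the three steps: whitelist lookup, AP check, enrol or reject."""
    row = db.execute(
        "SELECT 1 FROM whitelist WHERE username = ?", (username,)
    ).fetchone()
    if row:
        return "allow"
    mac = normalize_mac(called_station_id)
    # An unparseable value never matches, even if ENROLL_AP is misconfigured.
    if mac is not None and mac == normalize_mac(ENROLL_AP):
        db.execute("INSERT INTO whitelist (username) VALUES (?)", (username,))
        db.commit()
        return "allow"
    return "reject"


def demo():
    """Run constructed requests for one user against an in-memory whitelist."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE whitelist (username TEXT PRIMARY KEY)")
    requests = [  # constructed sample Called-Station-Id values
        "11-22-33-44-55-66:campus",  # other AP before enrolment
        "AA-BB-CC-DD-EE-FF:campus",  # enrolment AP, upper case plus SSID
        "11-22-33-44-55-66:campus",  # other AP after enrolment
    ]
    return [authorize(db, "user58", csid) for csid in requests]


if __name__ == "__main__":
    print(demo())
```

Like the configuration above, this model enrols the user during authorization, before the password has been verified.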