Tim Sylvester wrote:
Add this into the authorize section:


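authorize {

        # Only rewrite the request when the circuit id attribute is present
        if ("%{ADSL-Agent-Circuit-Id}") {
                # Use the circuit id as both the user name and the password
                update request {
                        User-Name := "%{ADSL-Agent-Circuit-Id}"
                        Password  := "%{ADSL-Agent-Circuit-Id}"
                }
        }

        # ... the rest of the existing authorize section ...
}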

Make sure to add the User-Name (ADSL-Agent-Circuit-Id) to radcheck and
set the password to the value of ADSL-Agent-Circuit-Id.

+--------+-----------+--------------------+----+-----------+
| id     | username  | attribute          | op | value     |
+--------+-----------+--------------------+----+-----------+
| 226529 | adslagent | Cleartext-Password | := | adslagent |
+--------+-----------+--------------------+----+-----------+

This opens up a security hole I wish to avoid - if someone knows what my circuit IDs look like, and that database is used in any context where a user can send an id/password to authenticate that does NOT have ADSL-Agent-Circuit-Id in it, then I've created a bunch of known user IDs for the bad guys to use. I am happy having a non-default sql database schema but I think I really need the sql lookup to be based on ADSL-Agent-Circuit-Id and not User-Name.

Mike-
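
Added example (not part of either post, and not FreeRADIUS code): a small Python/sqlite3 model of the two lookups discussed above, showing that the radcheck row accepts a request carrying no ADSL-Agent-Circuit-Id while a lookup keyed on the circuit id does not. The circuit_auth table, the function names and the sample requests are hypothetical and constructed for illustration.

```python
import hmac
import sqlite3

def make_db():
    # Constructed sample data: the radcheck row from the post, plus a
    # hypothetical circuit_auth table keyed on the circuit id.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radcheck (id INTEGER, username TEXT, attribute TEXT,
                               op TEXT, value TEXT);
        INSERT INTO radcheck VALUES
            (226529, 'adslagent', 'Cleartext-Password', ':=', 'adslagent');
        CREATE TABLE circuit_auth (circuit_id TEXT PRIMARY KEY, enabled INTEGER);
        INSERT INTO circuit_auth VALUES ('adslagent', 1);
    """)
    return db

def auth_via_username(db, request):
    """Quoted approach: circuit id becomes User-Name and password, then radcheck."""
    req = dict(request)
    cid = req.get("ADSL-Agent-Circuit-Id")
    if cid:
        req["User-Name"] = req["User-Password"] = cid
    row = db.execute(
        "SELECT value FROM radcheck WHERE username = ? "
        "AND attribute = 'Cleartext-Password'", (req.get("User-Name"),)).fetchone()
    supplied = (req.get("User-Password") or "").encode()
    return row is not None and hmac.compare_digest(row[0].encode(), supplied)

def auth_via_circuit_id(db, request):
    """Lookup keyed on the circuit id only; User-Name/password are never consulted.
    Assumption: only the trusted access node can set ADSL-Agent-Circuit-Id."""
    cid = request.get("ADSL-Agent-Circuit-Id")
    if not cid:
        return False  # no circuit id in the request: nothing to match
    row = db.execute("SELECT enabled FROM circuit_auth WHERE circuit_id = ?",
                     (cid,)).fetchone()
    return row is not None and row[0] == 1

if __name__ == "__main__":
    db = make_db()
    line_request = {"ADSL-Agent-Circuit-Id": "adslagent"}  # sent by the access node
    other_request = {"User-Name": "adslagent", "User-Password": "adslagent"}
    for name, req in (("line", line_request), ("other", other_request)):
        print(name, auth_via_username(db, req), auth_via_circuit_id(db, req))
```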
