On 31/08/11 12:38, 2394263740 wrote:
For example, WIFI AP 26, has the MAC address MAC26. I need ensure one
WIFI user, say user 58, must connect to WIFI AP 26 for the first time.
After the first connection, user 58 can connect to any WIFI AP in the
network.
Can someone give some advice on how to do it?
1. Create a whitelist of users who can authenticate to any AP using
files, rlm_passwd or ideally SQL - see the FreeRADIUS wiki
2. If they are *not* found in the whitelist, check the
"Called-Station-Id" attribute, which usually contains the MAC address of
the AP. If your equipment uses a different attribute, check that.
3. If the AP MAC is the correct one, add the user to the whitelist,
else reject
For example:
authorize {
...
update control {
Tmp-String-0 := "%{sql:select 1 from whitelist where
username='%{User-Name}'}"
}
if (control:Tmp-String-0 == 1) {
# user is in whitelist
}
elsif (Called-Station-Id == "aa-bb-cc-dd-ee-ff") {
# user is connecting to the "whitelist" AP
update control {
Tmp-String-0 = "%{sql:insert into whitelist (username) values
('%{User-Name}')}"
}
}
else {
reject
}
...
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
