----- Original Message -----
From: "Fajar A. Nugraha" <[email protected]>
To: "FreeRadius users mailing list" <[email protected]>
Sent: Tuesday, November 01, 2011 11:02 AM
Subject: Re: add field in radcheck table
On Tue, Nov 1, 2011 at 9:07 AM, gary <[email protected]> wrote:
From the login page,user can type his name and select pull-down option
for
the realm and then send to FR server for authentication.
for example, gary@domain1 and gary@domain2 come from different company
and
both in same database.
I can directly input gary@domain1 and gary@domain2 as user name for
authentication.
but I would like to separate two field for checking.
user can see(probably read) user infomation(eg:logout page) only user
name
instead of gary@domain1 .
This is a captive portal setup, right? FR doesn't really care what
user puts in "drop down box", it only cares what the NAS (e.g.
chillispot) sends. And the NAS doesn't really care what the user
inputs, it only cares what the captive portal sends it (which may or
may not be the same as what the user inputs).
Yes, I mean FR server will receive user@domain finally.
For example, in my setup the captive portal adds a realm automatically
(user can't put it manually) and pre-process the password that user
entered (e.g. using a custom hash).
In that setup there's really no need to separate user and realm. Just
use the default setup.
Furthermore, in case lot of data in radcheck, it can be search,sort...etc
according to the realm field to improve server performance.
I actually think the easiest way is to just add a "realm" field in
radcheck as ENUM type, indexed, used only for search/sorting purposes,
updated automatically by mysql trigger. That way you don't have to
modify anything on FR side.
Thanks. that means username field in radcheck will be user@domain for user
authentication. I will take this as first priority testing.
I read freeradius how-to it recommand use only user name as authentication.
read as below:
"If you're stripping all domain name elements from usernames via realms,
remember NOT to include the domain name elements in the usernames you put in
the SQL tables - they should get stripped BEFORE the database is checked, so
name@domain will NEVER match if you're realm stripping (assuming you follow
point 2 above) - you should just have 'name' as a user in the database. Once
it's working without, and if you want more complex realm handling, go back
to work out not stripping (and keeping name@domain in the db) if you really
want to."
Anyway, it is appreciate if someone can point direction or share documention
how to add a check column in radcheck table I can study.
--
Fajar
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
