Bill Hamlin <[EMAIL PROTECTED]> wrote:
> It looks like I could do this in the 'users' file by using the 'Auth-Type =
> Accept'. But that means I'd have to maintain this text file as MAC
> addresses are added and removed from my billing system. (If you change the
> users file do you have to signal radiusd to reload it?)
Yes, you do. Usually one runs `radctl reload' to do that.
> What I'd prefer is to use an SQL database and run a query (select userid
> from users where mac=..). I'm looking at the PAM stuff and that looks like
> it's going to involve prompting for a password, which I don't want. The AP
> doesnt support that.
>
> What do you think is the best way for me to handle this?
What does `userid' mean in the above query? Is it needed for authentication?
If it is not, the simplest solution is probably the following:
1. raddb/hints contains this record:
DEFAULT NULL User-Password = "OK"
Its purpose is to add a `fake' User-Password attribute to the incoming
request (it is supposed that the incoming requests never contain it).
2. raddb/sqlserver defines the following authentication query:
auth_query SELECT 'OK' FROM users where mac='%C{User-Name}'
3. Finally, the following entry in raddb/users does the rest of the
job:
DEFAULT Auth-Type = SQL, Password-Location = SQL
...
(Replace `...' with whatever attributes you wish to return to the NAS).
Regards,
Sergey
_______________________________________________
Help-gnu-radius mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnu-radius
