I have a freeradius server with PEAP auth. Secrets of nasnames and user passwords are in mysql.

Is it possible to set freeradius to send Access-Accept only where a user tries to connect to a specified access point? I try to check it with an sql query modified by me.

sql:

    authorize_check_query = "SELECT r.id, r.UserName, r.Attribute, r.Value, r.op FROM radcheck r WHERE r.Username = '%{SQL-User-Name}' and ('%{NAS-IP-Address}' = 'aaaaaaaaaa')"

When sql gets the password from sql, there is no desired value of the NAS-IP-Address attribute, so I don't know how to check it by sql.

Example, this is ONE packet of Access-Request:

    rad_recv: Access-Request packet from host 10.10.10.123:2048, id=247, length=261
            User-Name = "Adam Nowak"
            NAS-IP-Address = 10.10.10.123
    (...)
    rlm_sql (sql): sql_set_user escaped user --> 'Adam Nowak'
    radius_xlat: 'SELECT r.id, r.UserName, r.Attribute, r.Value, r.op FROM radcheck r WHERE r.Username = 'Adam Nowak' and ('10.10.10.123' = 'aaaaaaaaaa')

// YOU CAN SEE NAS-IP-Address here, but Adam Nowak is not the eap-peap login...

    (...)
    rlm_eap_peap: EAPTLS_OK
    rlm_eap_peap: Session established. Decoding tunneled attributes.
    rlm_eap_peap: Identity - wlxtbp - // THIS IS THE CORRECT LOGIN...
    rlm_eap_peap: Tunneled data is valid.
    PEAP: Got tunneled identity of wlxtbp
    PEAP: Setting default EAP type for tunneled EAP session.
    PEAP: Setting User-Name to wlxtbp
    (...)
    rlm_sql (sql): sql_set_user escaped user --> 'wlxtbp'
    radius_xlat: 'SELECT r.id, r.UserName, r.Attribute, r.Value, r.op FROM radcheck r WHERE r.Username = 'wlxtbp' and ('127.0.0.1' = 'aaaaaaaaaa' )

// YOU SEE 127.0.0.1 instead of the desired NAS-IP-Address here, so I can't check here from which access point the user tries to connect.

This is the place where freeradius gets the password from mysql, and if the password is ok we can see:

    rlm_eap_peap: Received EAP-TLV response.
    rlm_eap_peap: Tunneled data is valid.
    rlm_eap_peap: Success

My question is as I have written: Is it possible to set freeradius to send Access-Accept only where a user tries to connect to a specified access point? And how to do it? :-)

Norboro
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html