[RADIATOR] Rejection of access request if mac address in Sql table
Alex Sharaz
A.Sharaz at hull.ac.uk
Mon Dec 7 09:46:28 CST 2009
Hi,
I currently use a mysql database to authenticate our wired and wireless
network users. At the moment, if we detect an infected machine on our campus
network, we change the radius password of that user and block network access
until they've fixed their machine. What we'd like to do is change this
slightly so that we block their access from the infected machine but allow
them access from any other one.
What I've currently got is an authBy SQL statement with
AuthSelect Select password from subscribers where username=%0
AuthColumnDef 0,User-Password,check
I sort of thinking that i could meet the extra requirement of blocking access
from a specific mac address with an authby group consisting of two authby sql
statements.
Statement 1 would check for the presence of the calling station maca address
in a table called blockedmacs. If it exists, send an access-reject. If it
doesn't, drop down to
Statement 2 which implements the authby statement outlined above.
My only problem is the 1st authby clause in the group. If I use a
continueWhileAccept statement to define whether to drop through to the second
authby statement I need to have the 1st authby statement return an access
accept if the mac address isn't in the blockedmacs table, which is the
opposite of what it would do normally.
How would i implement the 1st authby statement
Rgds
Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5479 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20091207/3f371eea/attachment.bin
More information about the radiator
mailing list