[RADIATOR] Authentication without check attributes

Heikki Vatiainen hvn at open.com.au
Sun Jun 24 15:59:46 CDT 2012


On 06/23/2012 04:32 PM, Jesús Rodríguez wrote:

> To authenticate a dsl pre-authentication request, i have to use a mysql function query (using AuthBy mysql) that returns 1 (accept) or 0 (reject), with no check attributes or other values i can use as check parameters.
> 
> How can i send the Accept or Reject based on the returned 1 or 0 values?.

Try something like this:

<Handler ...>
    AddToRequest  X-pre-auth-required-result = 1
    <AuthBy SQL>
        AuthSelect your-mysql-function
        AuthColumnDef 0, X-pre-auth-required-result, check
    ...
...

Here X-pre-auth-required-result is a local pseudo-attribute. You can
name it as you want, but the main thing is it will never come from the
NAS and has a fixed value you can compare against value returned from
MySQL function.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list