
Freeradius Allow user from a specific site (WISPr-Location-ID)


I have installed Freeradius and Daloradius from the help given on the following site. https://computingforgeeks.com/how-to-install-freeradius-and-daloradius-on-ubuntu/

I need some help. I have a unique situation.

I have multiple sites which have been installed with mikrotik routers. I have installed RADIUS at a single location and made it the single point for hotspot user (on Mikrotik) authentication.

What I have achieved is: When a user wants to login, he is allotted XYZ speed limit with XYZ idle time and XYZ simultaneous users.

What I have Done: For testing purpose, I have made

Reply Attributes:
Fall-Through: value 1 , Op =

Check Attributes:
Auth Type: Value Reject, Op :=
WISPr-Location-ID: Value Site1, Op !=

What the above does is, it checks that if the user is trying to log in from a site where the WISPr-Location-ID is not Site1, it rejects the user. And if the WISPr-Location-ID is Site1, it allows the user to log in. This works fine as I want.

What my Goal is (what I want to do and have not been able to achieve is): When the user is actually at Site1 (where he is allowed), if I apply the Reply attribute of Speed limit, idle-timeout and (check attribute) simultaneous user; they don't get applied.

In short I want:

If the user is at site1, allow the user and apply this speed limit, idle timeout and simultaneous users limit. Otherwise, reject and do not allow on the network.

Can anyone please help me in this regard?


Solution

  • As no one answered, I made another way out for that.

    In the table of Users in the Database of Radius, there was a column "address"

    I added my desired SITE name as the address and then wrote the following code in the /etc/freeradius/3.0/sites-enabled/default file under authorize.

    # Reject unless the user's "address" column equals the site the router reports, or is "all"
    if ("%{sql: select address from userinfo where username = '%{User-Name}'}" != "%{WISPr-Location-ID}" && "%{sql: select address from userinfo where username = '%{User-Name}'}" != "all"  ) {
        update reply {
            Reply-Message = 'Error: You are not allowed to connect form this Site !'
        }
        update control {
            Auth-Type := "Reject"
        }
    }
    

    What the above does is, it will look for the WISPr-Location-ID sent by the router. If the reply matches what is written in the address of the user, it will allow the user to connect to the network, AND if the user has "all" written in the address field, it will allow the user onto the network regardless of the reply from the router.

    If the user does not have "all" in the address field and has some other entry that does not match the reply received from the router, it will send the user the message

    "Error: You are not allowed to connect form this Site !"

    I hope this helps someone else.
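
A variant of the check above, added here as an example and not part of the original answer: it runs the SQL lookup once, keeps the result in a control attribute, and rejects explicitly when the router sends no WISPr-Location-ID instead of relying on how an empty expansion compares. `Tmp-String-0` as the scratch attribute and the reply message wording are assumptions of this example; the table, column and "all" convention are the ones from the answer.

```unlang
# Goes in /etc/freeradius/3.0/sites-enabled/default, inside the authorize section.

# Look up the user's permitted site once. Tmp-String-0 is used here only as
# scratch storage in the control list (an assumption of this example).
update control {
    &Tmp-String-0 := "%{sql:SELECT address FROM userinfo WHERE username = '%{User-Name}'}"
}

# Users whose address is "all" may connect from any site, as in the answer.
# Everyone else must arrive with a WISPr-Location-ID that equals their address.
if (&control:Tmp-String-0 != "all") {

    # No location attribute in the request: the site cannot be verified,
    # so treat it the same as a mismatch.
    if (!&WISPr-Location-ID) {
        update reply {
            &Reply-Message := "Error: the router did not report a site"
        }
        update control {
            &Auth-Type := Reject
        }
    }
    # Location attribute present but different from the user's address.
    elsif (&control:Tmp-String-0 != "%{WISPr-Location-ID}") {
        update reply {
            &Reply-Message := "Error: You are not allowed to connect from this site"
        }
        update control {
            &Auth-Type := Reject
        }
    }
}
```

Running the server with `freeradius -X` shows the expanded query and which branch each request takes, which is the quickest way to confirm the policy behaves as intended for a user at an allowed site, a disallowed site, and an "all" user.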