Настройка FreeRadius для авторизации по DCHP Option 82 через Mikrotik
На микротике должен быть поднят DHCP сервер, который обращается к Radius клиенту, который обращается к Radius серверу.
queries.conf :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
sql_user_name = "%{%{Agent-Remote-Id}:-%{%{User-Name}:-DEFAULT}}" authorize_check_query = "\ SELECT id, username, attribute, value, op \ FROM ${authcheck_table} \ WHERE REPLACE(mac,':','') = REPLACE(REPLACE('%{SQL-User-Name}','0x',''),':','') and sw_port=''\ UNION ALL select id,username,attribute,value,op from radcheck where upper(sw_mac)=upper(REPLACE('%{Agent-Remote-Id}','0x','')) and upper(sw_port)=upper(RIGHT('%{Agent-Circuit-Id}',2))" authorize_reply_query = "\ SELECT id, username, attribute, value, op \ FROM ${authreply_table} \ WHERE REPLACE(mac,':','') = REPLACE(REPLACE('%{SQL-User-Name}','0x',''),':','') and sw_port=''\ UNION ALL select id,username,attribute,value,op from radreply where upper(sw_mac)=upper(REPLACE('%{Agent-Remote-Id}','0x','')) and upper(sw_port)=upper(RIGHT('%{Agent-Circuit-Id}',2))" |
В sites-enabled/default :
|
1 2 3 4 5 6 |
authorize { update control { Auth-Type := Accept } ... |