Authenticate devices via Agent-Circuit-Id

Owned by Ole Ernst
Last updated: Dec 13, 2023
1 min read
  1. Adjust FreeRADIUS SQL config to identify devices by their Agent-Circuit-Id instead of their User-Name
    --- a/etc/raddb/mods-config/sql/main/mysql/queries.conf
+++ b/etc/raddb/mods-config/sql/main/mysql/queries.conf
@@ -35,7 +35,7 @@
 #	Else use hard-coded string "DEFAULT" as the user name.
 #sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
 #
-sql_user_name = "%{User-Name}"
+sql_user_name = "%{Agent-Circuit-Id}"
 
 #######################################################################
 # Default profile
--- a/etc/raddb/dictionary
+++ b/etc/raddb/dictionary
@@ -47,3 +47,7 @@
 #ATTRIBUTE	My-Local-String		3000	string
 #ATTRIBUTE	My-Local-IPAddr		3001	ipaddr
 #ATTRIBUTE	My-Local-Integer	3002	integer
+VENDOR		Ericsson-AB			2352
+BEGIN-VENDOR	Ericsson-AB
+ATTRIBUTE	Agent-Circuit-Id			97	string
+END-VENDOR	Ericsson-AB
  2. Restart FreeRadius 
    systemctl restart radiusd
  3. Insert new test user into radcheck and radusergroup (assumption QoS with id 1 already exists, device Agent-Circuit-Id is 'olt001.nmsprime.com/0/0/1/1/1')
    INSERT INTO radcheck (username, attribute, op, value) VALUES ('olt001.nmsprime.com/0/0/1/1/1', 'Auth-Type', ':=', 'Accept');
INSERT INTO radusergroup (username, groupname, priority) VALUES ('olt001.nmsprime.com/0/0/1/1/1', 0, 1);
INSERT INTO radusergroup (username, groupname, priority) VALUES ('olt001.nmsprime.com/0/0/1/1/1', 1, 1);