Hi,
it's been a while and I didn't document everything since it was for a personnal project but still I can help.
Heres what I was using to have it work :
sql
if("%{sql:SELECT COUNT(*) FROM radpostauth WHERE username ='%{Calling-Station-Id}'}" > 0){
ok
update control {
Auth-Type := Accept
}
}
else{
reject
}
I'm not an SQL expert so this might not be optimal/fastest way to achieve it ... but did the trick for me.
The idea is that once a user authenticated successfuly, it will be added to radpostauth. Now we verify that if this calling-station-id exist in radpostauth, we authorize it.
This string should be added under the Authorize section of /etc/freeradius/sites-available/conf
HTH