Restricting logins with Calling-Station-Id in MySQL
Christopher Carver
ccarver at pennswoods.net
Fri May 19 00:08:49 CEST 2006
In radgroupcheck set up something like this:
+----+-------------+------------------+----+-------------+
| id | GroupName | Attribute | op | Value |
+----+-------------+------------------+----+-------------+
| 1 | restricted | Called-Station-ID | == | 1112223333 |
| 2 | restricted | Auth-Type | := |
reject |
+----+-------------+------------------+----+-------------+
The thing a lot of people mess up is they don't realize Auth-Type :=
reject needs to go in radgroupcheck not radgroupreply.
Then in usergroup try this for each user you want to set this
restriction for:
+--------+-------------+---------------+
| id | UserName | GroupName |
+--------+-------------+---------------+
| 39747 | <user> | restricted |
+--------+-------------+---------------+
That should do it.
Chris Carver
Pennswoods.Net
Network Engineer
Mike Jakubik wrote:
> Christopher Carver wrote:
>> In the users file you could have a line...
>>
>> DEFAULT Called-Station-ID == 1112223333, Auth-Type := Reject
>
> As i mentioned, i need to do this in the sql database and for each
> group. Adding the Called-Station-ID to radgroupcheck results in the
> following error:
>
> Thu May 18 16:39:13 2006 : Info: rlm_sql (sql): No matching entry in
> the database for request from user [xxx]
> Thu May 18 16:39:13 2006 : Auth: Login incorrect: [xxx/xxx] (from
> client xxx port 1485 cli xxx)
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list