Looks good, i was also wondering if this could be done with mysql as backend ?! Cheers, Collen Phil Mayers wrote:
jonr@destar.net wrote:Could I also do:bob password = "neil", Calling-Station-Id != "0001....", Auth-Type :=RejectSo that both pieces of information have to be present to be authenticated?No, that would always reject the user. You could do this: bob Calling-Station-Id != "0001....", Auth-Type := Reject bob User-Password := "neil"Well thats too easy. :)Can you instead use rlm_checkval like this: modules { passwd user2allowedmacs { filename = /etc/raddb/user2allowedmacs format = "*User-Name:Calling-Station-Id" hashsize = 100 allowmultiplekeys = yes } checkval usermacs { item-name = Calling-Station-Id check-name = Calling-Station-Id data-type = string notfound-reject = yes } }Which file would the above be placed in and does it need to be placed in a certain area of the file or can it just be added to the bottom of the file? AndIt's a partial fragment of radiusd.conf - you would need to inspect how the radiusd.conf hierarchial config works, and put the two module definitions in along with anything else you needwhen I see 'rlm_' I think realm which makes me think ldap or kerberos, neitherof which I am using, will this be a problem?rlm == radius loadable module, nothing to do with realms (although there is an rlm_realm for dealing with realms!)authorize { preprocess user2allowedmacs usermacs # other stuff }So whatever I name my module I will have to add to the authorize stanza in theradius.conf file, correct?Yep/etc/raddb/user2allowedmacs: user1:001122334455 user1:aabbccddeeff user2:0123456789ab ...I think that ought to work?Thanks for the info, this is gold! Jon- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html