RE: NAS-IP-Address groupcheck item

To: "'FreeRadius users mailing list'" <freeradius-users@lists.freeradius.org>

Subject: RE: NAS-IP-Address groupcheck item

From: "Jeff Crowe" <listacct@genhex.net>

Date: Thu, 27 Dec 2007 12:24:58 -0500

In-reply-to: <799e44b30712270859x6d4053c4l264f171e5e164b5d@mail.gmail.com>

Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>

Thread-index: AchIqhXBMIcnuLS9Q0+WeKkoEsAHtgAAx6yg

On Dec 27, 2007 3:28 PM, Jeff Crowe <listacct@genhex.net> wrote:

Hi all,

I am trying to deny a user from logging in through a couple of nas I have on
my network. I am using freeradius 1.1.3 with mysql.

In my table radgroupcheck, I have added

Groupname Attribute Op Value
Dial-Up NAS-IP-Address != 1.1.1.1
Dial-Up NAS-IP-Address != 2.2.2.2

The SQL check always seems to return the last value of 2.2.2.2 and never
compare against the 1.1.1.1. If my user is connecting to 1.1.1.1 , they will
authenticate and be allowed online.

Can someone please point me in the correct direction to allow me to define
multiple nas servers that I can deny authentication from?

Thanks and happy holidays

Jeff

Try to add it like this:
Dial-Up NAS-IP-Address !~ (1.1.1.1|2.2.2.2)

Kind regards
Y.

Hi Yves,

thank you very much - it works perfectly.

Regards,

Jeff.

References:

Re: NAS-IP-Address groupcheck item
- From: YvesDM <ydmlog@gmail.com>

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.