Some help with the Users file

Alan DeKok aland at deployingradius.com
Tue Mar 17 10:43:43 CET 2009


Josh Hiner wrote:
> I want to make it so that users who use eap-peapv0 have to be in the
> wireless group to logon. I have this set in the users file:
> DEFAULT        Called-Station-Id =~ "CCISD-REMC1", Group != "wireless",
> Auth-Type := Reject
> 
> This works great buuut I have successfully setup eap-tls. What is the
> appropriate way to continue to limit users to be in the wireless group
> to connect?

  The above "users" file entry should be a good start.

> I have the common name of the certificate set to the users login so if a
> user logs in with the username "josh" then that is the common name of
> the certificate. Will Freeradius use this same username to check against
> the wireless group?

  It will use the User-Name in the Access-Request packet.

  Alan DeKok.



More information about the Freeradius-Users mailing list