Check multiple attributes for one user

[Tim Sylvester]

Run the server in debug mode (radiusd -X) and check the attributes sent by
the NAS. The NAS may not be sending the Calling-Station-Id or it may be in a
different format. Either way, the debug output is going to give you more
information.

Tim

> -----Original Message-----
> From: freeradius-users-
> bounces+tim.sylvester=networkradius.com at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+tim.sylvester=networkradius.com at lists.freeradius.org] On Behalf
> Of Krijn Tanis | WiMood
> Sent: Monday, October 04, 2010 10:59 AM
> To: freeradius-users at lists.freeradius.org
> Subject: Check multiple attributes for one user
>
> Hello all,
>
> For a project I am working on 802.1x WPA-EAP authentication and for
> this
> I use a Freeradius server. This part of authentication works perfect.
>
> Now I also want to check the Calling-Station-Id for the user, in this
> case it is MAC address of the wireless client. I want this because I
> want to allow the user to connect only from one MAC address (else user
> is able to use a other device that is not in our control, I want to
> prevent this. So I want to check the Password ánd Calling-Station-Id in
> one and the same Access Request. If both match an Access-Accept is
> sent,
> in all other cases (when password or Calling-Station-Id do not match
> for
> the user) an Access-Reject.
>
> I tried to do this:
>
> +----+----------------+--------------------+------------------+------+
> | id | UserName       | Attribute          | Value            | Op   |
> +----+----------------+--------------------+------------------+------+
> |  1 | krijn          | Calling-Station-Id | 00-0B-6B-D9-D0-14| ==   |
> |  2 | krijn          | Cleartext-Password | test123          | :=   |
>
> But this doesn’t work, the user is rejected. Can somebody point me into
> the right direction?
>
> Kind regards,
>
> Krijn Tanis
> WiMood
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html