Cisco AV Pair

Alan DeKok aland at deployingradius.com
Mon Jul 28 20:15:17 CEST 2014


Dan Fleming wrote:
> Thank you, I have read through it and it makes sense. So how do I do something
> based on the results?

  The SQL document talks about "radreply", which lets you do something
with the results.

> I would like to only authorize a connection if the
> user's password matches and they are connecting to the correct ssid in
> the av-pair. Is there a HOWTO or other document outlining how to do that?

  No.  Because that's a specific solution.  The documents describe how
the server works, and let you put it together yourself.

  For your situation, the key is to understand that the server accepts
users if their password is correct.  If you add more conditional checks,
the user is still accepted.

  The solution is either to:

a) set the "known good" password ONLY if the conditions also match.  The
SQL documentation describes how to set conditions

b) if the password is stored somewhere else (e.g. LDAP), then you need
to REJECT the user if the conditions match.

  Alan DeKok.
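
Option (a) above, sketched as an added example (not part of the original message and not FreeRADIUS project code). It assumes the default SQL schema's radcheck table, that the access point sends the SSID as Cisco-AVPair = "ssid=<name>", and that the sql module only applies a user's check items when every "==" comparison matches the request; the user name, password and SSID are constructed placeholders.

```sql
-- Constructed sample data: 'dfleming', 'constructed-password' and
-- 'corp-wifi' are placeholders, not values from the thread.
-- Assumed schema: radcheck(id, username, attribute, op, value).

-- Weak form: the password is set unconditionally, so a correct
-- password is accepted no matter which SSID the request carries.
--   INSERT INTO radcheck (username, attribute, op, value)
--   VALUES ('dfleming', 'Cleartext-Password', ':=', 'constructed-password');

-- Conditional form: pair the password with a comparison item.
-- '==' compares against the attribute in the incoming request.
INSERT INTO radcheck (username, attribute, op, value)
VALUES ('dfleming', 'Cisco-AVPair', '==', 'ssid=corp-wifi');

-- ':=' sets the "known good" password for this user. Under the
-- assumption stated above, it only takes effect when the
-- Cisco-AVPair comparison in the previous row also matches.
INSERT INTO radcheck (username, attribute, op, value)
VALUES ('dfleming', 'Cleartext-Password', ':=', 'constructed-password');

-- Review the rows the server will read for this user, and confirm
-- no older unconditional password row is left behind.
SELECT id, username, attribute, op, value
FROM radcheck
WHERE username = 'dfleming'
ORDER BY id;
```

A request from another SSID then has no "known good" password to compare against, so authentication fails; running the server in debug mode shows whether the check items matched.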

