Hi,<br><br>FR + mysql auth&acct.<br>Sometimes I need to restrict users or groups to acces a certain NAS.<br>I use the nas-identifier attribute to recognize the nas<br>To accomplish this I just add an entry to radcheck or radgroupcheck like this
<br><br>NAS-identifier != nas-name<br><br>This works fine but, sometimes I use radtest directly on the server to test accounts if someone claims he/she is unable to login.<br>Now for every user/group I've set the above entry in the database, radcheck on the server always returns an acces-reject for some reason.
<br>Though, users can login the nas's they are allowed to and get rejected on the certain nas I've specified, so the setup itself is working.<br><br>But I've kind of lost my "account testing utitlity" :-)
<br>I don't understand why radcheck fails on these accounts. I understand radcheck doesn't send any nas-identifier, but I used operator ' ! = '<br>and not ' ==' so shouldn't the radius accept radtest requests on localhost?
<br>I 'm sure there is a good explanation why radtest returns an Acces-reject, but I'd like to know why and, if possible, if there is a solution/work-around for this.<br><br>Many tnx,<br>Y.<br><br>