<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I suppose to have sort out this……but<div><br></div><div>I want reject user "paolo" when coming from airespace-wlan-id = 5</div><div><br></div><div>radcheck</div><div><br></div><div><div>9<span class="Apple-tab-span" style="white-space:pre"> </span>paolo<span class="Apple-tab-span" style="white-space:pre">       </span>Expiration<span class="Apple-tab-span" style="white-space:pre">  </span>:=<span class="Apple-tab-span" style="white-space:pre">  </span>15 May 2012</div><div>8<span class="Apple-tab-span" style="white-space:pre"> </span>paolo<span class="Apple-tab-span" style="white-space:pre">       </span>Cleartext-Password<span class="Apple-tab-span" style="white-space:pre">  </span>:=<span class="Apple-tab-span" style="white-space:pre">  </span>paolo</div><div><br></div><div>radusergroup</div><div><br></div><div>paolo<span class="Apple-tab-span" style="white-space:pre">      </span>rfxguest<span class="Apple-tab-span" style="white-space:pre">    </span>0</div><div><br></div><div>radgroupcheck</div><div><br></div><div>4<span class="Apple-tab-span" style="white-space:pre">     </span>rfxguest<span class="Apple-tab-span" style="white-space:pre">    </span>Airespace-Wlan-Id<span class="Apple-tab-span" style="white-space:pre">   </span>:=<span class="Apple-tab-span" style="white-space:pre">  </span>5</div><div><br></div><div>radgoupreply</div><div><br></div><div>1<span class="Apple-tab-span" style="white-space:pre">      </span>rfxguest<span class="Apple-tab-span" style="white-space:pre">    </span>Auth-Type<span class="Apple-tab-span" style="white-space:pre">   </span>:=<span class="Apple-tab-span" style="white-space:pre">  </span>Reject</div><div><br></div><div>radius -X ….</div><div><br></div><div><div> Module: Instantiating module "sql" from file /usr/local/etc/raddb/sql.conf</div><div>  sql {</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>driver = "rlm_sql_mysql"</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>server = "localhost"</div><div><span class="Apple-tab-span" style="white-space:pre">       </span>port = ""</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>login = "radius"</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>password = "xxxxxx"</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>radius_db = "radius"</div><div><span class="Apple-tab-span" style="white-space:pre">       </span><b>read_groups = yes</b></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>sqltrace = no</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"</div><div><span class="Apple-tab-span" style="white-space:pre">    </span>readclients = no</div><div><span class="Apple-tab-span" style="white-space:pre">     </span>deletestalesessions = yes</div><div><span class="Apple-tab-span" style="white-space:pre">    </span>num_sql_socks = 5</div><div><span class="Apple-tab-span" style="white-space:pre">    </span>lifetime = 0</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>max_queries = 0</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>sql_user_name = "%{User-Name}"</div></div><div><br></div><div><br></div><div>…..</div><div><br></div><div><div>[peap] Using saved attributes from the original Access-Accept</div><div><span class="Apple-tab-span" style="white-space:pre">     </span>Auth-Type := Reject</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>Session-Timeout = 48445</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>User-Name = "paolo"</div><div>[eap] Freeing handler</div><div>++[eap] returns ok</div><div>Login OK: [paolo] (from client private-network-1 port 1 cli 00-24-36-b6-3a-22)</div></div><div><br></div><div><br></div><div>EAP-PEAP tunnel reply attribute return Auth-Type = Reject</div><div><br></div><div><br></div><div>but paolo is authenticated.</div><div><br></div><div>Any details to look into to debug this ?</div><div><br></div><div>Thanks fro any reply,</div><div>Paolo.</div><div><br></div><div><br></div><div><br></div><div><div apple-content-edited="true">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-size: 12px; "><div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div>------------------------------------------------------------------------------------------------</div></div><div>Paolo Barbato</div><div><br></div><div><a href="http://www.igi.cnr.it">Consorzio RFX</a></div><div><div>corso Stati Uniti,4                                  </div><div>35127 Padova - Italy                     <span class="Apple-tab-span" style="white-space: pre; ">  </span>                  </div><div><div>Network Administrator </div><div>phone: +39 049 8295097 fax: +39 049 8700718</div></div><div>------------------------------------------------------------------------------------------------</div></div></div></div></div></div></div></div>
</div>
<br></div></div></body></html>