On 9/11/25 15:21, Alan DeKok via Freeradius-Users wrote:
On Sep 11, 2025, at 1:44 AM, Can Paçacı <pacaci@servisnet.com.tr> wrote:
Sorry I couldn't explain clearly. I listed the things I wanted to do during the checks on the auth access package as follows:
In the Received Access-Request, -In the normal conditions check User-Name, User-Password and NAS-Identifier and write the appropriate Reply-Message to the return package. -In cases where NAS-Identifier is not defined in the radcheck table only check the User-Name and User-Password and write the appropriate Reply-Message to the return package. But the server does that already.
If you list a User-Name, User-Password, and NAS-Identifier in radcheck, they will all be used. If you only list a User-Name and User-Password in radcheck, it will only use / check those.
Yes, you are right, the system already performs this check under normal conditions
Perhaps you're looking to catch the situation where a user has a correct name / password, but is using the wrong NAS. For that situation, you don't need to do anything. Just list the right NAS-Identifier in radcheck. Then, if the user logs into a different NAS, it won't match. Since that entry didn't match, the User-Password won't be added. And the user will be rejected.
on the contrary if the NAS-Identifier is not defined in radcheck, I do not want it to produce an incorrect NAS message. I should write an unlang for this exception but I haven't quite succeeded.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Can Paçacı pacaci@servisnet.com.tr Servisnet A.Ş. Tel: 90 530 5450952