Dear Alan, Thx for yr quick reply... We are still using an old attributes with reasons... we need to deactive and activate user account without touch his/her password. We did it within just play around at Auth-Type value = Local/Reject Thx for your advice for my case regarding the above subject, I will try it at my office this morning; of course with still using an old attributes. Regards Paul On 1/14/2008, "Alan DeKok" <aland@deployingradius.com> wrote:
PD wrote:
For the above purpose, we put attribute Called-Station-Id for each demo account within radcheck table.
The problem found, the account demo1 still be able to use at nas2 vice versa.
Please read doc/rlm_sql.
Here is our radcheck table: mysql> select * from radcheck where username='demo'; +----+-----------+-------------------+----+-------------------+ | id | UserName | Attribute | op | Value | +----+-----------+-------------------+----+-------------------+ | 40 | demo | Auth-Type | := | Local |
Don't use Auth-Type. i.e. DELETE that row.
| 41 | demo | Password | == | password |
Change these fields to "Cleartext-Password := password"
| 42 | demo | Called-Station-Id | := | 00-1A-70-XX-XX-XX |
Read doc/rlm_sql. This operator *sets* the value. It doesn't *compare* the value. You want "=="
Perhaps, we miss something at somewhere...
The operators are documented in doc/rlm_sql.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html