On Feb 17, 2010, at 10:54 AM, Alan DeKok wrote:
Adam Wien wrote:
Here's my database setup.
Please read doc/rlm_sql.
mysql> select * from radcheck where username='adam@cpanel.net'; +------+-----------------+--------------------+----+----------+ | id | username | attribute | op | value | +------+-----------------+--------------------+----+----------+ | 1072 | adam@cpanel.net | Cleartext-Password | := | BLANK | +------+-----------------+--------------------+----+----------+
Defines a password...
mysql> select * from radgroupcheck; +------+-----------+-------------------+----+-------+ | id | groupname | attribute | op | value | +------+-----------+-------------------+----+-------+ | 1072 | Sysadmin | Airespace-Wlan-Id | == | 9 | +------+-----------+-------------------+----+-------+
Says "group sysadmin checks if the airespace attribute matches"
mysql> select * from radusergroup; +-----------------+-----------+----------+ | username | groupname | priority | +-----------------+-----------+----------+ | adam@cpanel.net | Sysadmin | 1 | +-----------------+-----------+----------+
Says "user adam... is in group sysadmin".
Where did you configure it do *do* something, like reject the user?
I guess that's my real question. What database does that belong in? I've tried adding it to 'radgroupreply' and also 'radgroupcheck' with a higher ID(although the latter doesn't seem correct).
This configuration does *not* deny users access by matching Airespace-Wlan-Id. That should be clear: there is no "deny" rule!
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html