jonr@destar.net wrote:
Quoting Alan DeKok <aland@deployingradius.com>:
And yes, I cover all of this in my book, which will be done real soon now...
This is the book I am waiting to read. The O'Reilly book is a good primer but really doesn't get to the meat of what Radius can do.
You can do:
bob Calling-Station-Id != "0001....", Auth-Type := Reject
Could I also do:
bob password = "neil", Calling-Station-Id != "0001....", Auth-Type := Reject
So that both pieces of information have to be present to be authenticated?
No, that would always reject the user. You could do this: bob Calling-Station-Id != "0001....", Auth-Type := Reject bob User-Password := "neil" Can you instead use rlm_checkval like this: modules { passwd user2allowedmacs { filename = /etc/raddb/user2allowedmacs format = "*User-Name:Calling-Station-Id" hashsize = 100 allowmultiplekeys = yes } checkval usermacs { item-name = Calling-Station-Id check-name = Calling-Station-Id data-type = string notfound-reject = yes } } authorize { preprocess user2allowedmacs usermacs # other stuff } /etc/raddb/user2allowedmacs: user1:001122334455 user1:aabbccddeeff user2:0123456789ab ...I think that ought to work?