Attribute Called-Station-Id not working
Hi there, Currently we running FR for our hotspot with multipe Chillispot NAS. We also create demo accounts for each nas, means demo1 should only work for nas1 and demo2 should only work for nas2. For the above purpose, we put attribute Called-Station-Id for each demo account within radcheck table. The problem found, the account demo1 still be able to use at nas2 vice versa. Here is our radcheck table: mysql> select * from radcheck where username='demo'; +----+-----------+-------------------+----+-------------------+ | id | UserName | Attribute | op | Value | +----+-----------+-------------------+----+-------------------+ | 40 | demo | Auth-Type | := | Local | | 41 | demo | Password | == | password | | 42 | demo | Called-Station-Id | := | 00-1A-70-XX-XX-XX | +----+-----------+-------------------+----+-------------------+ 3 rows in set (0.00 sec) We put NAS mac address for Called-Station-Id since radacct also record the above mac address at column Called-Station-Id. Perhaps, we miss something at somewhere... Any suggestion are welcome. Regards Paul
PD wrote:
For the above purpose, we put attribute Called-Station-Id for each demo account within radcheck table.
The problem found, the account demo1 still be able to use at nas2 vice versa.
Please read doc/rlm_sql.
Here is our radcheck table: mysql> select * from radcheck where username='demo'; +----+-----------+-------------------+----+-------------------+ | id | UserName | Attribute | op | Value | +----+-----------+-------------------+----+-------------------+ | 40 | demo | Auth-Type | := | Local |
Don't use Auth-Type. i.e. DELETE that row.
| 41 | demo | Password | == | password |
Change these fields to "Cleartext-Password := password"
| 42 | demo | Called-Station-Id | := | 00-1A-70-XX-XX-XX |
Read doc/rlm_sql. This operator *sets* the value. It doesn't *compare* the value. You want "=="
Perhaps, we miss something at somewhere...
The operators are documented in doc/rlm_sql. Alan DeKok.
Dear Alan, Thx for yr quick reply... We are still using an old attributes with reasons... we need to deactive and activate user account without touch his/her password. We did it within just play around at Auth-Type value = Local/Reject Thx for your advice for my case regarding the above subject, I will try it at my office this morning; of course with still using an old attributes. Regards Paul On 1/14/2008, "Alan DeKok" <aland@deployingradius.com> wrote:
PD wrote:
For the above purpose, we put attribute Called-Station-Id for each demo account within radcheck table.
The problem found, the account demo1 still be able to use at nas2 vice versa.
Please read doc/rlm_sql.
Here is our radcheck table: mysql> select * from radcheck where username='demo'; +----+-----------+-------------------+----+-------------------+ | id | UserName | Attribute | op | Value | +----+-----------+-------------------+----+-------------------+ | 40 | demo | Auth-Type | := | Local |
Don't use Auth-Type. i.e. DELETE that row.
| 41 | demo | Password | == | password |
Change these fields to "Cleartext-Password := password"
| 42 | demo | Called-Station-Id | := | 00-1A-70-XX-XX-XX |
Read doc/rlm_sql. This operator *sets* the value. It doesn't *compare* the value. You want "=="
Perhaps, we miss something at somewhere...
The operators are documented in doc/rlm_sql.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear All, Just as an acknowledge that Alan sugestion working fine. we just change an OP from := to == For the old attributes.. we still used them but we also changes the OP. An Auth-Type using == and Password using := The other attributes we uses... Expiration with OP == Login Time with OP == Max-All-Session with OP := Please let me know if we use an incorrect OP. Also... since Alan advice us not to use the old attributes, is there any other replacement attribute for our needs ? Paul On 1/15/2008, "PD" <paul@ranahminang.net> wrote:
Dear Alan,
Thx for yr quick reply...
We are still using an old attributes with reasons... we need to deactive and activate user account without touch his/her password. We did it within just play around at Auth-Type value = Local/Reject
Thx for your advice for my case regarding the above subject, I will try it at my office this morning; of course with still using an old attributes.
Regards
Paul On 1/14/2008, "Alan DeKok" <aland@deployingradius.com> wrote:
PD wrote:
For the above purpose, we put attribute Called-Station-Id for each demo account within radcheck table.
The problem found, the account demo1 still be able to use at nas2 vice versa.
Please read doc/rlm_sql.
Here is our radcheck table: mysql> select * from radcheck where username='demo'; +----+-----------+-------------------+----+-------------------+ | id | UserName | Attribute | op | Value | +----+-----------+-------------------+----+-------------------+ | 40 | demo | Auth-Type | := | Local |
Don't use Auth-Type. i.e. DELETE that row.
| 41 | demo | Password | == | password |
Change these fields to "Cleartext-Password := password"
| 42 | demo | Called-Station-Id | := | 00-1A-70-XX-XX-XX |
Read doc/rlm_sql. This operator *sets* the value. It doesn't *compare* the value. You want "=="
Perhaps, we miss something at somewhere...
The operators are documented in doc/rlm_sql.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Alan DeKok -
PD