It worked fine, thank you. Is it possible to reject users except when they have a valid NAS-IP-Address? For example if a user is not member of a group, or if they are only member of groups which doesnt contain the NAS-IP-Address? I found the 'notfound-reject' for request that doesnt contain NAS-IP-Address (in my case). reg Svend
/ The problem occurs when I want a group to contain several NAS. How can I />>/ make freeradius accept the login if the NAS-IP-Address from the user, is />>/ one of several listed in a group that a user is member of? /> ==> read info about checkval module in radiusd.conf.
checkval { item-name = NAS-IP-Address check-name = NAS-IP-Address data-type = ipaddr }
* enable the module in section authorize
and in your radgroupcheck you have to do something like this:
mysql> select * from radgroupcheck where attribute like 'NAS-IP-Address'; +----+---------------+----------------+----+-----------------+ |/ id | GroupName | Attribute | op | Value | />+----+---------------+----------------+----+-----------------+ |/ 83 | config_common | NAS-IP-Address | += | 1.2.3.4 | />|/ 84 | config_common | NAS-IP-Address | += | 1.2.3.5 | />+----+---------------+----------------+----+-----------------+
then if your your user will be in group called "config_common"(whatever you choose) then checkval module will perform checking base on multiple values found for NAS-IP-Address. Please mind the "op" field especially!
participants (1)
-
Svend Eriksen