rabbtux rabbtux rabbtux at
Sat Jun 10 17:28:38 CEST 2006

I have a similar situation.  I have several chillispot APs, and want
users to only login to their 'home' AP, and not others.  I'm using
mysql backend to Freeradius.  if I use

NAS-IP-Address == <ap ip to restrict>, Auth-Type := Reject

in the radcheck table it seems there is nothing that ties them
together.  I know it shouldn't be that hard to limit users to a
certian AP, I'm still quite new to radius.
Thanks for any suggestions! - marshall

On 6/9/06, Chris Carver <ccarver at> wrote:
> Kartthik Raghunathan wrote:
> > Am using two linksys access points for my wireless client. In one of my access points i want to restrict the users connecting to it, ist possible to do this using huntgroup. If so can someone show some light or provide a sample config to do it.
> >
> > thanks,
> > Kartthik
> >
> >
> Sure, but if you only have 2 its probably not necessary.  You could just
> do this in the users file:
> default NAS-IP-Address == <ap ip to restrict>, Auth-Type := Reject
> Of course, you might not simply want to reject them.  But you can match
> on the ip of the ap in the users file and do whatever you want.  If you
> wanted to do it with huntgroups you'd have to add two entries in the
> huntgroups file:
> restrictedAP            NAS-IP-Address == <ip>
> otherAP                  NAS-IP-Address == <ip>
> Then in users instead of matching on NAS IP you match on Huntgroup-Name ==
> Chris Carver
> Network Engineer
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list