very long regular expression...

Alan DeKok aland at deployingradius.com
Wed Nov 22 18:03:29 CET 2006


Norbert Grochal wrote:
> I want to disallow login to access points for every hosts that are not
> in my network.
>  
> So at the end of /usr/local/etc/raddb/users file I put regular
> expression that checks if Calling-Station-Id IS NOT in list of my hosts...
>  
> DEFAULT Auth-Type := REJECT, Calling-Station-Id !~
> "008012323244|002938475473|<and many other macs...>"

  Don't do that.  It's ugly.  Use rlm_passwd.  See "man rlm_passwd".

  That lets you list all of the MACs in one flat text file, which is a
LOT easier to manage by a script than the "users" file.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list