very long regular expression...

Phil Mayers p.mayers at
Fri Nov 24 01:46:50 CET 2006

Norbert Grochal wrote:
>>> I want to disallow login to access points for every host that is not
>>> in my network.
>>> So at the end of the /usr/local/etc/raddb/users file I put a regular
>>> expression that checks if Calling-Station-Id IS NOT in the list of my
>>> hosts...
>>> DEFAULT Auth-Type := REJECT, Calling-Station-Id !~
>>> "008012323244|002938475473|<and many other macs...>"
>>   Don't do that.  It's ugly.  Use rlm_passwd.  See "man rlm_passwd".
>>   That lets you list all of the MACs in one flat text file, which is a
>> LOT easier to manage by a script than the "users" file.
> I still have no idea how to do it, could you show me an example?

The man page is pretty clear.

Do something like:

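modules {
   # rlm_passwd instance: looks up Calling-Station-Id in the flat file
   # and sets My-Local-String from the second field of the matching line
   passwd mac2ok {
     filename = /etc/raddb/mac2ok
     format = "*Calling-Station-Id:~My-Local-String"
     hashsize = 100
   }

   # other modules
}

authorize {
   # other modules

   # run the lookup before the "users" file is consulted
   mac2ok
}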

Make "/etc/raddb/mac2ok" read:


...then in "users" put:

DEFAULT	My-Local-String != "ok", Auth-Type := Reject
	Reply-Message = "calling station id not allowed",
	Fall-Through = No

# Other config items

Depending on the version of the server, you might need the following in 

ATTRIBUTE	My-Local-String		3000	string

...where 3000 can be any number between 3000 and 4000 and 
My-Local-String is an arbitrary name you can use for a local config 

> Is it possible to 'mark' good request and then at the end of users file
> write
> ??
> Norboro

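Added example (not part of the original post and not FreeRADIUS code): a script that generates the flat file from a MAC inventory, so the allowlist is maintained outside the "users" file as suggested in the thread. It assumes the rlm_passwd field delimiter is ":" (each line is <mac>:ok, following the format string above) and that the NAS sends Calling-Station-Id as 12 hex digits with no separators, as in the MACs quoted in the thread; lowercase output is a further assumption and must match what the NAS actually sends.

```python
import re

# Separators commonly seen in MAC notations; all are stripped so that no
# entry can contain ":" (assumed here to be the rlm_passwd field delimiter).
_SEPARATORS = re.compile(r"[:.\-\s]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    candidate = _SEPARATORS.sub("", raw).lower()
    return candidate if _HEX12.fullmatch(candidate) else None


def build_mac2ok(inventory_lines, marker="ok"):
    """Turn an inventory into (file_text, rejected_entries)."""
    allowed, rejected = [], []
    for line in inventory_lines:
        entry = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        mac = normalize_mac(entry)
        if mac is None:
            rejected.append(entry)              # never guess at a bad entry
        elif mac not in allowed:
            allowed.append(mac)                 # de-duplicate, keep order
    text = "".join(f"{mac}:{marker}\n" for mac in allowed)
    return text, rejected


# Constructed sample inventory; the two valid MACs are the ones quoted
# in the thread, written in different notations.
SAMPLE = [
    "00:80:12:32:32:44   # front desk",
    "0029.3847.5473",
    "00-80-12-32-32-44   # duplicate in another notation",
    "00:80:12:32:32:4    # too short",
    "0080123232zz",
    "",
]

if __name__ == "__main__":
    text, rejected = build_mac2ok(SAMPLE)
    print(text, end="")          # contents for /etc/raddb/mac2ok
    print("rejected:", rejected)
```

Rejected entries are reported rather than written, so a typo in the inventory shows up as a failed build instead of a silently missing or malformed allowlist line.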