very long regular expression...

Phil Mayers p.mayers at
Sat Nov 25 15:57:35 CET 2006

Norbert Grochal wrote:
> OK, It almost works fine, but if there is no mac in my mac2ok file then
> users file doesn't put REJECT into Auth-Type.
> I have added that line at the begining of users file:
> DEFAULT Auth-Type := REJECT, My-Local-String !* "a"
> and if there is no mac in mac2ok file then user cannot login into network.
> but if there is mac in mac2ok file (so My-Local-String exist) I have always:
>   rlm_eap_peap:  Had sent TLV failure, rejecting.

Just showing that one line is useless. You need to post the entire debug 
output of "radiusd -X" so we can see the entire EAP conversation to 
determine the problem.

> My freeradius version is 1.1.0
> If I remove the first line from users file all is ok. Users can login only
> from specified access points.
> The first line in users file works fine, if there is no mac in mac2ok
> file...

I'm sorry, I don't really understand. Could you try re-phrasing the problem.

You could maybe try something like this in "users".

DEFAULT	My-Local-String == "ok"
	Fall-Through = No

DEFAULT	Auth-Type := Reject

> Can I add at the begining or at the end (?) of mac2ok file something like
> *:bad
> and everything will be 'bad' but ok will be overwritten by 'good' ??

No. You would use appropriately-ordered "users" file entries for that 
kind of logic

More information about the Freeradius-Users mailing list