Accept users by NAS-IP-Address
Milan Holub
holub at thenet.ch
Wed Apr 25 16:07:26 CEST 2007
Hi Svend,
> The problem occurs when I want a group to contain several NAS. How can I
> make freeradius accept the login if the NAS-IP-Address from the user, is
> one of several listed in a group that a user is member of?
==> read info about checkval module in radiusd.conf.
checkval {
item-name = NAS-IP-Address
check-name = NAS-IP-Address
data-type = ipaddr
}
* enable the module in section authorize
and in your radgroupcheck you have to do something like this:
mysql> select * from radgroupcheck where attribute like 'NAS-IP-Address';
+----+---------------+----------------+----+-----------------+
| id | GroupName | Attribute | op | Value |
+----+---------------+----------------+----+-----------------+
| 83 | config_common | NAS-IP-Address | += | 1.2.3.4 |
| 84 | config_common | NAS-IP-Address | += | 1.2.3.5 |
+----+---------------+----------------+----+-----------------+
then if your your user will be in group called "config_common"(whatever
you choose) then checkval module will perform checking base on multiple
values found for NAS-IP-Address. Please mind the "op" field especially!
Milan Holub
holub (at) thenet (dot) ch
--------------------------------------
TheNet-Internet Services AG,
im Bernertechnopark, Morgenstr. 129
CH-3018, Bern, Switzerland
031 998 4333, Fax 031 998 4330
http://www.thenet.ch
http://wlan.thenet.ch
--------------------------------------
More information about the Freeradius-Users
mailing list