Accept users by NAS-IP-Address

Svend Eriksen se at metro-remote.no
Thu Apr 26 13:35:15 CEST 2007


It worked fine, thank you.

Is it possible to reject users except when they have a valid NAS-IP-Address?
For example if a user is not member of a group, or if they are only member of groups which doesnt contain the NAS-IP-Address?
I found the 'notfound-reject' for request that doesnt contain NAS-IP-Address (in my case).

reg
Svend


>>/ The problem occurs when I want a group to contain several NAS. How can I 
/>>/ make freeradius accept the login if the NAS-IP-Address from the user, is 
/>>/ one of several listed in a group that a user is member of?
/>
>==> read info about checkval module in radiusd.conf.
>
>checkval {
>                item-name = NAS-IP-Address
>                check-name = NAS-IP-Address
>                data-type = ipaddr
>}
>
>* enable the module in section authorize
>
>and in your radgroupcheck you have to do something like this:
>
>mysql> select * from radgroupcheck where attribute like 'NAS-IP-Address';
>+----+---------------+----------------+----+-----------------+
>|/ id | GroupName     | Attribute      | op | Value           |
/>+----+---------------+----------------+----+-----------------+
>|/ 83 | config_common | NAS-IP-Address | += | 1.2.3.4         |
/>|/ 84 | config_common | NAS-IP-Address | += | 1.2.3.5         |
/>+----+---------------+----------------+----+-----------------+
>
>then if your your user will be in group called "config_common"(whatever
>you choose) then checkval module will perform checking base on multiple 
>values found for NAS-IP-Address. Please mind the "op" field especially!




More information about the Freeradius-Users mailing list