Users file giving me headaches :)
Alan DeKok
aland at deployingradius.com
Wed Mar 7 16:21:47 CET 2007
Marcelus Trojahn wrote:
> Hello folks,
>
> For quite some time now I'm struggling with a problem I have no clue
> how to solve...
>
> Consider the following:
> zro Auth-Type := MD5, User-Password := 9bb05e8970a8c18991d3048f3f5ad976, Calling-Station-Id == 00:16:EC:54:2E:C4, Simultaneous-Use := 1
> Mikrotik-Rate-Limit = "128k/192k 128k/384k 64k/64k 1/8"
In 1.1.4 && later, you don't need to set Auth-Type like this. See
"man rlm_pap" for details.
It also makes the configuration much simpler.
> Is there any way I can instruct the Radius to do like a logical OR
> check? Like:
>
> if (NAS-IP-Address != "10.200.200.2") {
> Calling-Station-Id has to be 00:16:EC:54:2E:C4
> } else {
> Ignore the Calling-Station-Id, check only the password
> }
Set up two modules. Use rlm_passwd to put the Calling-Station-Id's
into an internal group (say My-Group), and then do:
DEFAULT NAS-IP-Address != 10.200.200.2, My-Group != "foo", Auth-Type :=
Reject
DEFAULT do password checks...
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list