radcheck & NAS-identifier
ydmlog at gmail.com
Thu Oct 18 09:14:49 CEST 2007
FR + mysql auth&acct.
Sometimes I need to restrict users or groups to access a certain NAS.
I use the NAS-Identifier attribute to recognize the NAS.
To accomplish this I just add an entry to radcheck or radgroupcheck like:
NAS-identifier != nas-name
This works fine but, sometimes I use radtest directly on the server to test
accounts if someone claims he/she is unable to login.
Now for every user/group I've set the above entry in the database, radcheck
on the server always returns an Access-Reject for some reason.
Though, users can log in to the NASes they are allowed to and get rejected on
the certain NAS I've specified, so the setup itself is working.
But I've kind of lost my "account testing utility" :-)
I don't understand why radcheck fails on these accounts. I understand
radcheck doesn't send any NAS-Identifier, but I used operator '!='
and not '==', so shouldn't the radius accept radtest requests on localhost?
I'm sure there is a good explanation why radtest returns an Access-Reject,
but I'd like to know why and, if possible, if there is a
solution/work-around for this.