Restrict to initial NAS used to logon

Ivan Kalik tnt at kalik.net
Fri Apr 11 10:49:08 CEST 2008


NAS-Identifier is not stored in radacct by default. But you can add it to
or replace NAS-IP-Address with it in radacct table and accounting
queries.

radacct is used for - accounting. You need to put a NAS-Identifier check in
radcheck to stop users from connecting from other APs. You can run a script
at logon to insert it or run an outside script at certain intervals that
will set it up for you. Anyway you need to:

- check radacct if user has logged on before
- if not insert NAS-Identifier check into radcheck table with the value
of the current request

If you add a NAS-Identifier field to the radacct table you don't need to add
anything into radcheck. Just run a script at logon that will:

- check radacct to see if the user had logged on before
- if he had, check that the value of NAS-Identifier in the request matches the
one in the radacct table

Ivan Kalik
Kalik Informatika ISP



On 10/4/2008, "Tuc at T-B-O-H.NET" <ml at t-b-o-h.net> wrote:

>> > 	Is anyone doing anything like this already?
>>
>>   They usually use equipment that sends a NAS identifier.
>>
>Hi,
>
>	Sorry for a second followup, but I just looked over
>the radacct file and don't see anywhere that NAS-Identifier would
>be stored. Or are you saying that I need to still use the
>%{NAS-Identifier} in some sort of check-name?
>
>		Thanks, Tuc
>
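The first procedure in the reply above (check radacct for an earlier logon, and if there is none insert a NAS-Identifier check into radcheck), as an added example that is not part of the original message or of FreeRADIUS. It assumes simplified, constructed tables in an in-memory SQLite database; the function names and sample requests are hypothetical, and `nas_allowed` only stands in for the comparison the server performs on radcheck items.

```python
import sqlite3

# Simplified, constructed versions of the FreeRADIUS SQL tables (assumption:
# only the columns this check needs; the stock schema has more).
SCHEMA = """
CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT,
                       op TEXT, value TEXT);
CREATE TABLE radacct  (radacctid INTEGER PRIMARY KEY, username TEXT,
                       acctstarttime TEXT);
"""

def pin_nas_on_first_logon(conn, username, nas_identifier):
    """Hypothetical logon hook. Returns True if a radcheck pin was inserted."""
    with conn:  # one transaction: commit on success, roll back on error
        seen = conn.execute("SELECT 1 FROM radacct WHERE username = ? LIMIT 1",
                            (username,)).fetchone()
        pinned = conn.execute(
            "SELECT 1 FROM radcheck WHERE username = ? AND attribute = 'NAS-Identifier'",
            (username,)).fetchone()
        if seen or pinned:
            return False  # has logged on before, or a pin already exists
        conn.execute("INSERT INTO radcheck (username, attribute, op, value) "
                     "VALUES (?, 'NAS-Identifier', '==', ?)",
                     (username, nas_identifier))
        return True

def nas_allowed(conn, username, nas_identifier):
    """Stand-in for the server's own radcheck comparison (op '==')."""
    rows = conn.execute(
        "SELECT value FROM radcheck WHERE username = ? AND attribute = 'NAS-Identifier'",
        (username,)).fetchall()
    return all(value == nas_identifier for (value,) in rows)

def logon(conn, username, nas_identifier):
    """Simulate one request: pin on first logon, check, record accounting."""
    pin_nas_on_first_logon(conn, username, nas_identifier)
    ok = nas_allowed(conn, username, nas_identifier)
    if ok:
        conn.execute("INSERT INTO radacct (username, acctstarttime) "
                     "VALUES (?, datetime('now'))", (username,))
        conn.commit()
    return ok

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed requests: (User-Name, NAS-Identifier)
    requests = [("alice", "ap-lobby"), ("alice", "ap-lobby"), ("alice", "ap-cafe")]
    return [logon(conn, user, nas) for user, nas in requests]
```

A user who already has radacct rows when the hook is first deployed never gets a pin under this procedure, so existing accounts have to be pinned separately.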



