Restrict to initial NAS used to logon
Ivan Kalik
tnt at kalik.net
Fri Apr 11 10:49:08 CEST 2008
NAS-Identifier is not stored in radacct by default. But you can add it to
or replace NAS-IP-Address with it in radacct table and accounting
queries.
radacct is used for - accounting. You need to put NAS-Identifier check in
radcheck to stop users from connecting from other APs. You can a script
at logon to insert it or run outside script at certain intervals that
will set it up for you. Anyway you need to:
- check radacct if user has logged on before
- if not insert NAS-Identifier check into radcheck table with the value
of the current request
If you add NAS-Identifier field into radacct table you don't need to add
anything into radcheck. Just run a script at logon that will:
- check radacct to see if user had logged on before
- if he had check that value of NAS-Identifier in the request matches the
one in radacct table
Ivan Kalik
Kalik Informatika ISP
Dana 10/4/2008, "Tuc at T-B-O-H.NET" <ml at t-b-o-h.net> piše:
>> > Is anyone doing anything like this already?
>>
>> They usually use equipment that sends a NAS identifier.
>>
>Hi,
>
> Sorry for a second followup, but I just looked over
>the radacct file and don't see anywhere that NAS-Identifier would
>be stored. Or are you saying that I need to still use the
>%{NAS-Identifier} in some sort of check-name?
>
> Thanks, Tuc
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list