Restricting dialup users to certain client definitions only

Jeff Crowe listacct at
Fri Dec 19 20:00:08 CET 2008

Hi Todd,

I am using FR & MySQL and have the following in my radgroupcheck table to
limit my dialup customers from connecting to my dsl aggregators.  I have
created different Groups (dialup & dsl for simplicity).  In the dialup group
I have a rule that reads:

ID: xxx
GroupName: dialup
Attribute: NAS-IP-Address
OP: !~
Value: (|

This prevents any user in FR with a group of dialup from connecting to a NAS
device with an IP of or .2

Hope this gives you an idea on where to limit your customers.


-----Original Message-----
From: at
[ at]
On Behalf Of Paul Bartell
Sent: Friday, December 19, 2008 1:26 PM
To: FreeRadius users mailing list
Subject: Re: Restricting dialup users to certain client definitions only

You would use the Calling-Station-ID or Called-Station-ID checks in
the groupcheck table.

On Fri, Dec 19, 2008 at 9:48 AM, Todd R. <tjrlist at> wrote:
> In a nutshell here is what I need to do, the long story is after the short
> version if you are interested.
> ########Short version##########
> I want to restrict dialup users or a group of dialup users living within
> MySQL tables to certain clients or list of clients.
> So when a user who is only allowed access when coming from clients 1 and 2
> dials in and the request comes from client 3 he is denied access.
> I already do this with the crappy Windows based radius solution we have
> stuck on for years, surely I can accomplish the same with FR.
> Any help in a language which a total FR novice can understand would be
> appreciated.
> ######end short version########
> ########Long Version###########
> I have read the docs, the archives, the readmes, the examples etc.
> So far, I can't get a good handle on how to accomplish the following so I
> again asking for some guidance from the list.
> Here is my situation and what I need to accomplish, any help in getting
> done would be most appreciated. I don't mind doing the footwork, research
> etc. to build a solution that will work but please keep in mind that I am
> total FR Newb and need this in dufus language :)
> For the last 8 years or so we have been using a dreaded windows based
> solution that we just couldn't get away from due to how much code we have
> written around this horrible solution. Finally, it's time to just do it
> deal with the pain.
> What we have right now is several dialup wholesale
> networks/carriers/aggregators who proxy the radius request to us, we then
> decide to accept or deny the dialup user based on many things but of
> username/pass etc.. One of the things we use to determine if they get
> or not is which client they came from meaning which of our wholesale
> network's radius server (client) sent us the request.
> So, in short I need to accomplish the same thing on FR.
> Let's say I have 5 clients, their short names and IPs configured in my FR
> clients file.
> I need to somehow decide within FR when the request comes in from client
> that this user (in Mysql table) is allowed to have access to that dialup
> network.
> So:
> Joeuser from client1 = OK (allow user)
> Joeuser from client2 = Not OK (deny user)
> I am guessing I should do something with groups within the SQL tables such
> as assign joeuser to dialgroup1 which is then somehow allowed from client1
> or for that fact clients 1, 3 and 5 but not allowed to client2.
> I researched huntgroups but can't find much documentation on that, not
> if that's where I need to go or??
> Regards,
> Todd R.
> -
> List info/subscribe/unsubscribe? See

Random quote of the week/month/whenever I get to updating it:
"Opportunity knocked. My doorman threw him out." - Adrienne Gusoff

"At school you don't get parole, good behavior only brings a longer
sentence." - The History Boys
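
Added example, not code from the thread or from FreeRADIUS: a small model of the regex comparison behind the `!~` radgroupcheck rule described above, extended to the `=~` allow-list form that the original question ("allowed only from clients 1 and 2") calls for. It shows why the pattern should be anchored and its dots escaped. The 192.0.2.x addresses, the group names and the `group_check_passes` helper are constructed for illustration, and Python's `re` stands in for the server's regex engine.

```python
import re
import sqlite3

# Constructed sample rows: 192.0.2.x are documentation addresses, not the
# poster's NAS IPs (those are elided on the page). Group names are hypothetical.
ROWS = [
    # (GroupName, Attribute, op, Value)
    ("dialup_loose",  "NAS-IP-Address", "!~", "(192.0.2.1|192.0.2.2)"),
    ("dialup_strict", "NAS-IP-Address", "!~", r"^(192\.0\.2\.1|192\.0\.2\.2)$"),
    ("allow_loose",   "NAS-IP-Address", "=~", "(192.0.2.1|192.0.2.2)"),
    ("allow_strict",  "NAS-IP-Address", "=~", r"^(192\.0\.2\.1|192\.0\.2\.2)$"),
]

def build_db():
    """In-memory table shaped like the radgroupcheck rule quoted in the post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radgroupcheck (id INTEGER PRIMARY KEY, "
               "GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT)")
    db.executemany("INSERT INTO radgroupcheck (GroupName, Attribute, op, Value) "
                   "VALUES (?, ?, ?, ?)", ROWS)
    return db

def group_check_passes(db, group, request):
    """True if every regex check item of `group` is satisfied by `request`."""
    cur = db.execute("SELECT Attribute, op, Value FROM radgroupcheck "
                     "WHERE GroupName = ? ORDER BY id", (group,))
    for attr, op, value in cur:
        # Unanchored search, like POSIX regexec(). In this model a missing
        # attribute is compared as an empty string (assumption).
        hit = re.search(value, request.get(attr, "")) is not None
        if (op == "=~" and not hit) or (op == "!~" and hit):
            return False
    return True

if __name__ == "__main__":
    db = build_db()
    # Three NAS addresses that are NOT 192.0.2.1 or 192.0.2.2.
    for nas in ("192.0.2.10", "192.0.2.200", "192.0.251.9"):
        req = {"NAS-IP-Address": nas}
        print(nas,
              "allow_loose:", group_check_passes(db, "allow_loose", req),
              "allow_strict:", group_check_passes(db, "allow_strict", req))
```

With the loose pattern a deny rule (`!~`) blocks more NAS addresses than intended, while an allow rule (`=~`) admits addresses that were never listed, so the anchored and escaped form matters most for allow-lists.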