Restricting dialup users to certain client definitions only

tnt at kalik.net tnt at kalik.net
Tue Dec 23 10:34:21 CET 2008


>OK, took me a while but here is the SQL dump and the Debug output. One thing
>that's interesting is that I only seem to get my reply attributes from the
>radgroupreply table when I am coming from the allowed client-ip-address,
>when coming from any other IP I still get an accept but I get not reply
>attributes. So, FR seems to know the difference but I guess I am just not
>sending the reject or something?
>

That's how groups work. If a group check doesn't match - group reply
attributes are ignored. User doesn't get rejected if one of the groups
he belongs to doesn't match. SQL is a storage fascility - it's not an
authentication method.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list