authorization: unlang/NAS-IP-Address
leopold
vova_b at yahoo.com
Wed Jul 23 14:43:44 CEST 2008
Hi,
I am using freeradius 2.0.5 with MySQL, I am very new to Radius and
FreRadius so please pardon my ignorance
I need to reject user if his NAS-IP-Address input attribute does not match
check attributes defined for his group.
For example radgroupcheck
| 1 | GROUP1 | NAS-IP-Address | == | x.x.x.1
| 2 | GROUP1 | NAS-IP-Address | == | x.x.x.2
| 3 | GROUP1 | NAS-IP-Address | == | x.x.x.3
If user is coming from NAS-IP-Address x.x.x.1 or x.x.x.2 or x.x.x.3 the user
should be accepted and reply attributes are sent back
If however if user is coming from NAS-IP-Address y.y.y.1 he should be
rejected (even in the case he provide a valid password and NAS y.y.y.1 is
properly defined in NAS table with a valid shared key)
Since I found that only one operator "==" for NAS-IP-Address check attrubute
can be found, I changed
authorize_group_check_query, but still I managed to get reply list as empty
for invalid NAS-IP and expected attributes from valid NAS (which is part of
check attributes) but user is accepted in both cases.
Is there a way to check if "reply" list is empty in unlang (does not contain
ANY attributes)?
I tried this, but it does not work.
if (!reply:[0]) {
# reply list is empty
reject
}
Do you have any suggestions?
Thanks you very much for your reply.
--
View this message in context: http://www.nabble.com/authorization%3A-unlang-NAS-IP-Address-tp18609937p18609937.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list