LDAP and checking for Mac address.

Alan DeKok aland at deployingradius.com
Tue Jun 17 16:43:45 CEST 2008

Neil Marjoram wrote:
> I have just installed 2.05 and have successfully linked to my ldap
> server. I would like to build in MAC address checking on top of the user
> name / password auth.
> Is there a way of getting Radius to check that the Calling-Station-Id
> matches radiusCallingStationId before access is allowed? I have read the
> ldap docs and not been able to find what I am looking for.

  Don't set "compare_check_items" in the LDAP configuration.  It's
supposed to work, but there are pending bugs.

  You can do an LDAP query directly in unlang:

	if ("%{ldap: ... query ...}" != "%{Calling-Station-Id}") {

  You'll have to edit the LDAP query for your local system...

  Alan DeKok.

More information about the Freeradius-Users mailing list