LDAP and checking for Mac address.
Alan DeKok
aland at deployingradius.com
Tue Jun 17 16:43:45 CEST 2008
Neil Marjoram wrote:
> I have just installed 2.05 and have successfully linked to my ldap
> server. I would like to build in MAC address checking on top of the user
> name / password auth.
...
> Is there a way of getting Radius to check that the Calling-Station-Id
> matches radiusCallingStationId before access is allowed? I have read the
> ldap docs and not been able to find what I am looking for.
Don't set "compare_check_items" in the LDAP configuration. It's
supposed to work, but there are pending bugs.
You can do an LDAP query directly in unlang:
...
if ("%{ldap: ... query ...}" != "%{Calling-Station-Id}") {
reject
}
...
You'll have to edit the LDAP query for your local system...
Alan DeKok.
More information about the Freeradius-Users
mailing list