Checking NAS-Identifier in the radgroupcheck table
tnt at kalik.net
tnt at kalik.net
Thu Oct 2 14:37:13 CEST 2008
>So, if I set the NAS-Identifier to "LMS2" (the one used by my chillispot
>portal), the condition NAS-Identifier == LMS2 matches, so radius puts me to
>the "hotel1" group. If it doesn't match (while using radtest command for
>example), it continues the login process, but considering that i don't own
>any group... So in my problem explained before, the user can log in even if
>he's not recognized as coming from the hotel he was expected to come from...
>What I would like to find is a way to allow a users to log in, only if they
>have been attributed to a group...
>
Ah, failed check in sql groups won't reject the user. It will just cause
group info to be ignored. This is to allow the user to be a member of
multiple groups - if he doesn't match one, then checks go on to next
one with lower priority etc.
Use radcheck for checks that should reject the user.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list