Rejecting User By their Calling-Station-Id (Mac Address)
Alex M
freeradius at lrcommunications.net
Tue Dec 15 04:17:45 CET 2009
Hey all, i'm coming back here w/ my old question of how to reject users
based on their MAC address... but now im running FR 2.x.x
So, we have trial access for free, and some people figured that they can
re-register new accounts for trial all over again and have fun this way.
Well thats not fun for us so we trying to figure out what we can do to
reject reqyest from their machines no matter what name they put in. So maybe
some one can help me out here.
Here is what I tried:
*radusergroup* (username, groupename, priority)
<all user-names registered> Ban 9999
Test_User Home 1
*radgroupcheck* (groupname, attribute, op, value)
Ban Calling-Station-Id == 00:0b:6a:xx:xx:xx
Ban Reply-Message == You have been banned
Ban Auth-Type := Reject
*radcheck* (username, attribute, op, value)
Test_User password == letmein
So far that dint work at all... I tried changing priority but no matter what
I do the user still authorized to enter the network. I'm sure I did
something wrong but im not sure what?
So maybe some one can help me out?
Thanks a lot!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091214/b6a0a2b5/attachment.html>
More information about the Freeradius-Users
mailing list