Matching Airespace-Wlan-Id in users files or radgroupcheck database
Adam Wien
adam.wien at gmail.com
Wed Feb 17 18:26:01 CET 2010
On Feb 17, 2010, at 10:54 AM, Alan DeKok wrote:
> Adam Wien wrote:
>> Here's my database setup.
>
> Please read doc/rlm_sql.
>
>> mysql> select * from radcheck where username='adam at cpanel.net';
>> +------+-----------------+--------------------+----+----------+
>> | id | username | attribute | op | value |
>> +------+-----------------+--------------------+----+----------+
>> | 1072 | adam at cpanel.net | Cleartext-Password | := | BLANK |
>> +------+-----------------+--------------------+----+----------+
>
> Defines a password...
>
>> mysql> select * from radgroupcheck;
>> +------+-----------+-------------------+----+-------+
>> | id | groupname | attribute | op | value |
>> +------+-----------+-------------------+----+-------+
>> | 1072 | Sysadmin | Airespace-Wlan-Id | == | 9 |
>> +------+-----------+-------------------+----+-------+
>
> Says "group sysadmin checks if the airespace attribute matches"
>
>> mysql> select * from radusergroup;
>> +-----------------+-----------+----------+
>> | username | groupname | priority |
>> +-----------------+-----------+----------+
>> | adam at cpanel.net | Sysadmin | 1 |
>> +-----------------+-----------+----------+
>
> Says "user adam... is in group sysadmin".
>
> Where did you configure it do *do* something, like reject the user?
I guess that's my real question. What database does that belong in?
I've tried adding it to 'radgroupreply' and also 'radgroupcheck' with a higher ID(although the latter doesn't seem correct).
>
> This configuration does *not* deny users access by matching
> Airespace-Wlan-Id. That should be clear: there is no "deny" rule!
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list