Check multiple attributes for one user
Krijn Tanis | WiMood
krijntanis at wimood.nl
Mon Oct 4 19:58:30 CEST 2010
Hello all,
For a project I am working on 802.1x WPA-EAP authentication and for this
I use a Freeradius server. This part of authentication works perfect.
Now I also want to check the Calling-Station-Id for the user, in this
case it is MAC address of the wireless client. I want this because I
want to allow the user to connect only from one MAC address (else user
is able to use a other device that is not in our control, I want to
prevent this. So I want to check the Password ánd Calling-Station-Id in
one and the same Access Request. If both match an Access-Accept is sent,
in all other cases (when password or Calling-Station-Id do not match for
the user) an Access-Reject.
I tried to do this:
+----+----------------+--------------------+------------------+------+
| id | UserName | Attribute | Value | Op |
+----+----------------+--------------------+------------------+------+
| 1 | krijn | Calling-Station-Id | 00-0B-6B-D9-D0-14| == |
| 2 | krijn | Cleartext-Password | test123 | := |
But this doesn’t work, the user is rejected. Can somebody point me into
the right direction?
Kind regards,
Krijn Tanis
WiMood
More information about the Freeradius-Users
mailing list