Checking MAC address with rlm_sql
Fajar A. Nugraha
list at fajar.net
Wed Apr 4 11:07:35 CEST 2012
On Wed, Apr 4, 2012 at 3:41 PM, Glen Harris <astfgl at iamnota.org> wrote:
> Just so I understand completely, why does authentication work when there is
> only the Cleartext-Password row in the radcheck table?
If the condition in "==" doesn't match, the check item with ":=" (i.e.
cleartext-password) will not be returned.
> Does the radusergroup
> query somehow come into play when there's a second check item?
It shouldn't, Which is why I suggested you try with simple PAP.
I've used "==" for Calling-Station-Id for several years with PAP +
MSCHAP, but admittedly never tried it with EAP, so I'd like to isolate
the problem first.
Recently I changed it to ":=" plus some unlang block that does the
actual comparison/rejection, to make debugging easier. That is, now I
can put "incorrect calling-station-id" in my logs rather than a
generic "user not found" message. You can also try this method later
if you want.
--
Fajar
More information about the Freeradius-Users
mailing list