How to Restrict All Users from Certain APs
White III, Joe
Joe.White at arvatousa.com
Mon Jan 30 16:40:25 CET 2012
Fajar wrote:
>
> In FR-2.x you should be able to use
>
> DEFAULT Client-Shortname == ap-2000-cd6, Auth-type := reject,
> Fall-Through = yes
Turns out the guest network is on a separate wireless VLAN, not on separate access points as first thought.
Based on the debug output down below, could I do the following in the users file?:
DEFAULT User-Password == "letmelook"
Airespace-Wlan-Id = 4
Fall-Through = No
rad_recv: Access-Request packet from host 172.18.17.152:32769, id=239, length=151
User-Name = "000b6b-b30fe2"
Called-Station-Id = "00-1c-b1-06-bb-50:adisNet"
Calling-Station-Id = "00-0b-6b-b3-0f-e2"
NAS-Port = 1
NAS-IP-Address = 172.18.17.152
NAS-Identifier = "lkywcs02"
--> Airespace-Wlan-Id = 4 <--
--> User-Password = "letmelook" <--
Service-Type = Call-Check
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 2
rlm_realm: No '@' in User-Name = "000b6b-b30fe2", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
radius_xlat: '000b6b-b30fe2'
rlm_sql (sql): sql_set_user escaped user --> '000b6b-b30fe2'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '000b6b-b30fe2' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '000b6b-b30fe2' ORDER BY id
rlm_sql (sql): User 000b6b-b30fe2 not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '000b6b-b30fe2' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '000b6b-b30fe2' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '000b6b-b30fe2' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '000b6b-b30fe2' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 2
modcall: leaving group authorize (returns ok) for request 2
rad_check_password: Found Auth-Type System
rad_check_password: Found Auth-Type Accept
Warning: Found 2 auth-types on request for user '000b6b-b30fe2'
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [000b6b-b30fe2] (from client louwcs02 port 1 cli 00-0b-6b-b3-0f-e2)
Sending Access-Accept of id 239 to 172.18.17.152 port 32769
Finished request 2
Going to the next request
--- Walking the entire request list ---
Cleaning up request 0 ID 237 with timestamp 4f26ad48
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 238 with timestamp 4f26ad4d
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 239 with timestamp 4f26ad4e
Nothing to do. Sleeping until we see a request.
More information about the Freeradius-Users
mailing list