How to use checkval

Wed Mar 13 12:08:18 CET 2013

Hi Dan,
What Reject ? And MAC address listed where? Are you working around MAC
authentication? FR MAC auth is working for me, I use CoovaChilli as NAS.

0.) MAc address would exist as user in MySQL DB or file
1.) Configure NAS to send MAC-Addr as username to Freeradius
2.)  And do the following at Freeradius side.
username="<mac address>";attribute="Auth-Type";op=":=";value="Accept"

Thanks / Regards
RM --

On Wed, Mar 13, 2013 at 10:49 AM, Danny Kurniawan <
danny.kurniawan at fairchildsemi.com> wrote:

> Hi Russel,
>
> Thanks for that. However it seems the check-name cant even populated. as
> you can see from my log file.
>
> +- entering group authorize {...}
> ++[preprocess] returns ok
> rlm_checkval: Item Name: Calling-Station-Id, Value: A0-88-B4-0F-C3-D8
>
> rlm_checkval: *Could not find attribute named *
> *Calling-Station-Id in check pairs*
> ++[checkval] returns notfound
> [auth_log]      expand:
> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
> /var/log/radius/radacct/172.21.118.231/auth-detail-20130313
> [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to /var/log/radius/radacct/172.21.118.231/auth-detail-20130313
> [auth_log]      expand: %t -> Wed Mar 13 17:47:09 2013
>
>
> I check the ldap.attrmap and its correctly mapped to the LDAP attribute.
>
> So how to make sure that Radius reject the request when the MAC address is
> not listed.. thats what i want to achieve
>
> Thanks
> Danny
>
>
> On Wed, Mar 13, 2013 at 4:51 PM, Russell Mike <radius.sir at gmail.com>wrote:
>
>> checkval can helpful when you need to apply NAS-identifier &
>> Calling-Station-Id - FR attributes.
>>
>> checkval calledstationid {
>>        item-name = Called-Station-Id
>>        check-name = Called-Station-Id
>>        data-type = string
>>        notfound-reject = no
>> }
>>
>>
>> checkval nasidentifier {
>>         item-name = NAS-Identifier
>>         check-name = NAS-Identifier
>>         data-type = string
>>         notfound-reject = no
>> }
>>
>>
>> Thanks / Regards
>> RM --
>>
>>
>>
>> On Wed, Mar 13, 2013 at 7:53 AM, Danny Kurniawan <
>> danny.kurniawan at fairchildsemi.com> wrote:
>>
>>> Hi All.
>>>
>>> I found this error when enabled checkval
>>>
>>> rlm_checkval: Could not find attribute named Calling-Station-Id in check
>>> pairs
>>> ++[checkval] returns notfound
>>> ++[expiration] returns noop
>>>
>>> What is the meaning of that error?
>>>
>>> Thanks in advance
>>>
>>> --
>>> Best Regards,
>>> Danny
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
>
> --
> Best Regards,
> Danny
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130313/b5fc8029/attachment.html>