Accept via calling-station value

Alan DeKok aland at
Wed Jan 20 21:55:21 CET 2016

On Jan 20, 2016, at 3:39 PM, Munroe Sollog <mus3 at> wrote:
> So I thought the authorized_macs file was comparing the calling-station-id, 

  Did you configure then "files" module to do that?  It looks like you didn't.

  And it helps to read the debug output:

    } # policy rewrite_calling_station_id = noop
(0)     if (!ok) {
(0)     if (!ok)  -> TRUE

  You've put this into the "default" virtual server:

	  if (!ok) {

  Why?  That's rejecting the request when it can't re-write the Calling-Station-ID.

  And that's followed by:

	  else {
	      update control {
	        Auth-Type := Accept

  Which accepts *all* requests if the Calling-Station-ID was re-written.

  And *nothing* in the "default" server says to use the "authorized_macs" file.

 You want the server to do check authorized_macs, but you never told it to use the authorized_macs file./

  Go fix that.  And read the debug output you're posting.  It really is informative.

  Alan DeKok.

More information about the Freeradius-Users mailing list