attribute checking in the session REJECT
Can Paçacı
pacaci at servisnet.com.tr
Thu Sep 11 13:31:38 UTC 2025
On 9/11/25 15:21, Alan DeKok via Freeradius-Users wrote:
> On Sep 11, 2025, at 1:44 AM, Can Paçacı <pacaci at servisnet.com.tr> wrote:
>> Sorry I couldn't explain clearly. I listed the things I wanted to do during the checks on the auth access package as follows:
>>
>> In the Received Access-Request,
>> - In the normal conditions, check User-Name, User-Password and NAS-Identifier and write the appropriate Reply-Message to the return package.
>> - In cases where NAS-Identifier is not defined in the radcheck table, only check the User-Name and User-Password and write the appropriate Reply-Message to the return package.
> But the server does that already.
>
> If you list a User-Name, User-Password, and NAS-Identifier in radcheck, they will all be used. If you only list a User-Name and User-Password in radcheck, it will only use / check those.
Yes, you are right, the system already performs this check under normal
conditions.
>
> Perhaps you're looking to catch the situation where a user has a correct name / password, but is using the wrong NAS. For that situation, you don't need to do anything. Just list the right NAS-Identifier in radcheck. Then, if the user logs into a different NAS, it won't match. Since that entry didn't match, the User-Password won't be added. And the user will be rejected.
On the contrary, if the NAS-Identifier is not defined in radcheck, I do
not want it to produce an incorrect NAS message. I should write an
unlang for this exception, but I haven't quite succeeded.
>
> Alan DeKok.
--
Can Paçacı
pacaci at servisnet.com.tr
Servisnet A.Ş.
Tel: 90 530 5450952