Do you see how the Called-Station-Id is not coming in with the auth request?
> The following is the whole debug when i used "compare_check_items", > > Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on > 1647/udp. > Ready to process requests. > rad_recv: Access-Request packet from host 127.0.0.1:33291, id=223, length=59 > User-Name = "brianlk" > User-Password = "123jseff" > NAS-IP-Address = 192.168.0.2 > NAS-Port = 10 > modcall: entering group authorize > rlm_ldap: looking for check items in directory... > rlm_ldap: extracted attribute NAS-IP-Address from generic item > NAS-IP-Address == "192.168.0.1" > rlm_ldap: looking for reply items in directory... > Invalid operator for item User-Password: reverting to '==' > rlm_ldap: Pairs do not match. Rejecting user. > ldap_release_conn: Release Id: 0 You need to make sure the NAS is sending the Called-Station-Id for this to work for you. The attributes that come in the Access-Request packet are compared against what is in your LDAP directory. So its comparing Called-Station-Id in your ldap directory to nothing. > > > > > hi all, > > > i wanna to add some rules in freeradius so the user just can access the > system from the Calledstationid 123456, for example > > > my ldif is like that: > > > > > > dn: uid=brianlk,ou=dialup,o=test > > > objectClass: top > > > objectClass: person > > > objectClass: organizationalPerson > > > objectClass: inetOrgPerson > > > objectClass: inetLocalMailRecipient > > > objectClass: radiusprofile > > > objectClass: posixAccount > > > objectClass: PureFTPdUser > > > sn: brianlk > > > ou: dialup > > > description:: IFBQUF9VWFBX > > > uid: brianlk > > > uidNumber: 15385 > > > gidNumber: 1001 > > > homeDirectory: /home/brianlk > > > loginShell: /sbin/nologin > > > userPassword:: e2NyeXB0fTEwVGtiQVlpT3hlNDI= > > > cn: brianlk > > > radiusCalledStationId: 123456 > > > > > > However, the radiusCalledStationId haven't checked when i login. So, i > can access system from any Calledstationid. How can i fix? > > > And, did i need to enable "compare_check_items = yes"? > > > I have tried to enable, but i was rejected when i login. Anyone knows > how to use "compare_check_items"? Thank you > > > the debug: > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
