I need to allow users from a wireless access point by MAC address (it comes as a userid) and then if the MAC address is not defined in the users file to check their userid/password against a LDAP database. I now had an additional requirement put on that I need to check the values of an attribute in the LDAP database.
I have it working fine checking the MAC address, then if it's not defined in the local users file, rejecting access if the userid is the form of a MAC address (12 hex digits), then if it's not a MAC address checking the userid/password against LDAP. I can't get the attribute value checking to work. I've tried mapping the attribute in the ldap.attrmap file, checkItem WirelessStatus WirelessStatus and checking the value in the users file. I'm not getting that to work. I also tried adding the attribute in the LDAP filter in radiusd.conf, as a long shot), then nothing in LDAP works filter = "(&(cn=%{User-Name})(WirelessStatus=ACTV))" with filter = "(cn=%{User-Name})" being the working line just doing userid/password checking. I was hoping someone might have some suggestions. Is the users file the place to do this, and I just need to get my syntax working, or since the users file is checked then falls through to LDAP is out of the picture at that point? -- Hans K. Fiedler Information Technology Network Analyst Communications Services [EMAIL PROTECTED] University of Louisville Louisville, Ky. 40292 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html