On Wed, 23 Feb 2005, Vincent Chen wrote: > > Thanks for your response. I am sorry that I didn't make myself clear. For > account "Presario 2135AD", I first created this profile: > > "Presario 2135AD" Auth-Type := EAP, NAS-IP-Address == 10.1.2.5 > Session-Timeout = 300 > > As we can see, the request from 10.1.2.5 and profile say this account should > connect from AP at 10.1.2.5. Everything matches and the request accepted. > > Then I deleted the above profile and replaced with this one, tried to limit > this new profile only have access to another AP at 10.1.3.5. > > "Presario 2135AD" Auth-Type := EAP, NAS-IP-Address == 10.1.3.5 > Session-Timeout = 300 > > But when user who ownes "Presario 2135AD" certificate tried to connect AP at > 10.1.2.5, freeradius still accept connection. Did the new profile say > "Presario > 2135AD" certificate owner only have access to AP at 10.1.3.5 now? Why > freeradius still accept his requst from AP at 10.1.2.5? No mater what I do, > this user can connect to both AP at 10.1.2.5 and 10.1.3.5. I can't limit this > user connect to only one of these 2 APs. > > Any idea? >
Take a look at the debug output (radiusd -X) and find where your users file is matched. Then look at those lines in your users file. I would guess that your user didn't match the 10.1.3.5 entry and then fell through to some default entry. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
