Alan, Thanks for your reply and sorry for my sluggishness in getting back to you with more info...
Alan DeKok [EMAIL PROTECTED] wrote: > Yes. The server allows you nearly unlimited control over what to > look for, and what to do when it finds data of interest. That is good to know :) > Your description is useful, but still a little vague. You describe > what you want, but not how the data is seen by the RADIUS server > (i.e. attributes). Ok.. lets give this an other shot.. the setup I'm building is to authenticate/authorize and account mobile users. The user will specify his username (User-Name), his password (User-Password) and the NAS is also configured to send the MS-ISDN to the radius server which I'm told is send using Calling-Station-ID. Now the way I want this to work is that as soon as a request comes in from the NAS the radius server will check Calling-Station-ID against a list of known values and if no match is found it denies the request. If a match is found it will go on to check for a valid username and password combination. If none is found it should reject the session. If a match is found it should reply with the proper attributes. In an ideal situation I'd like to use realms and bind a group of known Calling-Station-ID's to a specific realm. If this is not possible than a generic list of Calling-Station-ID's for all users will also work but is the less preferred solution. So if I go thru the steps I get.. 1. Check realm a) no realm - reject b) realm found go to 2 2. Check Calling-Station-ID a) no match found for this realm - reject b) match - go to 3 3. Check user+pass a) no match - reject b) match - return attribs for user So in this situation: realm test1: - known cli's 1111,1112,1113 - known users [EMAIL PROTECTED] w/ pass moo realm test2: - known cli's 2222,2223,2224 - known users [EMAIL PROTECTED] w/ pass bla If [EMAIL PROTECTED] tries to login with pass of moo coming from cli 1111-1113 he is allow - any other cli will not be allowed. I was the rlm_checkval module.. is this what I would use for this? A sample configuration and users file entry would be really appreciated. I hope this helps to clarify the issue, Thanks, - Jasper - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html