> > Please read the docs. This comments right above the "passwd" module in > the default config are VERY SPECIFIC. The format is: > > format = "*Key-Value:~Request-Value:=Reply-Value:Configure-Value" > > That is, the radius attribute "Key-Value" is the first field. > Request-Value (prefix ~) will be added to the request, Reply-Value > (prefix =) to the reply, and Configure-Value (no prefix) to the > configure items.
Sure, I have missed that valuable info (I was too focused on man page and /usr/share/doc). > So you're wrong several ways: > > 3. In any case, for WAPs, Calling-Station-Id is normally the MAC, not IP That's exactly the field I wish to use (Calling-Station-Id), the IP is just for other internal purposes, so you can ignore it. > Try something like this: > > passwd mac-ip { > filename = /etc/raddb/MAC-IP > format = "*Calling-Station-Id:Class" > delimiter = ":" > authtype = Reject > } > always fail { > rcode = fail > } > > authorize { > mac-ip { > notfound = reject > } > # others > } That was useful, thank you ! I guess that in my case it's safe to drop the Class attribute, leaving format just as: "*Calling-Station-Id:". > ...and note that many/most APs send the MAC as "00-11-22-33-44-55" so > the file should look like this: > > 00-11-22-33-44-55:KnownUser FYI, the Cisco Aironet 1200 can send the Calling-Station-Id on these configurable formats: xxxx.xxxx.xxxx xx-xx-xx-xx-xx-xx xx:xx:xx:xx:xx:xx So it's ok right now. > > This is all in the docs. Perhaps this example could be used in the manpage as an EXAMPLE section, isn't it ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html