Norbert Grochal wrote: > I want to disallow login to access points for every hosts that are not > in my network. > > So at the end of /usr/local/etc/raddb/users file I put regular > expression that checks if Calling-Station-Id IS NOT in list of my hosts... > > DEFAULT Auth-Type := REJECT, Calling-Station-Id !~ > "008012323244|002938475473|<and many other macs...>"
Don't do that. It's ugly. Use rlm_passwd. See "man rlm_passwd". That lets you list all of the MACs in one flat text file, which is a LOT easier to manage by a script than the "users" file. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html