> Do something like:
>
> modules {
>   passwd mac2ok {
>     filename = /etc/raddb/mac2ok
>     format = "*Calling-Station-Id:~My-Local-String"
>     hashsize = 100
>   }
>
>   # other modules
> }
>
> authorize {
>   preprocess
>   mac2ok
>   files
>   # other modules
> }
>
> Make "/etc/raddb/mac2ok" read:
>
> 008012323244:ok
> 002938475473:ok
>
> ...then in "users" put:
>
> DEFAULT My-Local-String != "ok", Auth-Type := Reject
>         Reply-Message = "calling station id not allowed",
>         Fall-Through = No
>
> # Other config items
>
> Depending on the version of the server, you might need the following in
> /etc/raddb/dictionary:
>
> ATTRIBUTE My-Local-String 3000 string

OK, it almost works fine, but if there is no MAC in my mac2ok file then the users file doesn't put REJECT into Auth-Type. I have added this line at the beginning of the users file:

DEFAULT Auth-Type := REJECT, My-Local-String !* "a"

and if there is no MAC in the mac2ok file then the user cannot log in to the network. But if there is a MAC in the mac2ok file (so My-Local-String exists) I always get:

rlm_eap_peap: Had sent TLV failure, rejecting.

My freeradius version is 1.1.0.

If I remove the first line from the users file all is OK. Users can log in only from specified access points. The first line in the users file works fine if there is no MAC in the mac2ok file...

Can I add at the beginning or at the end (?) of the mac2ok file something like

*:bad

and everything will be 'bad' but ok will be overwritten by 'good'??

Norbert
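
The matching behaviour reported in this message, as an added Python model that is not part of the thread and is not FreeRADIUS code. It assumes the passwd module leaves My-Local-String unset when the MAC has no entry, and it uses the users(5) definitions of `!=` (attribute present and different) and `!*` (attribute absent); the function names, rule lists and the unlisted MAC are made up for the illustration.

```python
# Simplified model of the mac2ok lookup followed by "users" check items.
# Assumption: an unlisted MAC leaves My-Local-String absent from the request.

MAC2OK = """\
008012323244:ok
002938475473:ok
"""  # contents of /etc/raddb/mac2ok as given in the quoted reply


def load_mac2ok(text):
    """Parse 'Calling-Station-Id:value' lines into a dict."""
    table = {}
    for line in text.splitlines():
        if line.strip():
            mac, _, value = line.strip().partition(":")
            table[mac] = value
    return table


def run_mac2ok(request, table):
    """Lookup step: add My-Local-String only when the MAC is listed."""
    value = table.get(request.get("Calling-Station-Id"))
    if value is not None:
        request["My-Local-String"] = value
    return request


def check(request, attr, op, value=None):
    """Check-item operators as described in users(5)."""
    present = attr in request
    if op == "!*":  # matches only if the attribute is absent
        return not present
    if op == "!=":  # attribute must be present AND differ
        return present and request[attr] != value
    raise ValueError(f"unsupported operator: {op}")


def decide(mac, rules, table=None):
    """'reject' if any modelled DEFAULT reject entry matches, else 'continue'."""
    table = load_mac2ok(MAC2OK) if table is None else table
    request = run_mac2ok({"Calling-Station-Id": mac}, table)
    hit = any(check(request, a, op, v) for a, op, v in rules)
    return "reject" if hit else "continue"


ONLY_NE = [("My-Local-String", "!=", "ok")]          # entry from the reply
NE_AND_ABSENT = ONLY_NE + [("My-Local-String", "!*", None)]  # plus absence check

if __name__ == "__main__":
    for mac in ("008012323244", "00aabbccddee"):      # second MAC is constructed
        print(mac, decide(mac, ONLY_NE), decide(mac, NE_AND_ABSENT))
```

The model covers a single request that carries Calling-Station-Id; it does not model the EAP/PEAP exchange or the TLV failure mentioned above.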