Norbert Grochal wrote:
OK, It almost works fine, but if there is no mac in my mac2ok file then users file doesn't put REJECT into Auth-Type. I have added that line at the begining of users file: DEFAULT Auth-Type := REJECT, My-Local-String !* "a" and if there is no mac in mac2ok file then user cannot login into network. but if there is mac in mac2ok file (so My-Local-String exist) I have always: rlm_eap_peap: Had sent TLV failure, rejecting.
Just showing that one line is useless. You need to post the entire debug output of "radiusd -X" so we can see the entire EAP conversation to determine the problem.
My freeradius version is 1.1.0 If I remove the first line from users file all is ok. Users can login only from specified access points. The first line in users file works fine, if there is no mac in mac2ok file...
I'm sorry, I don't really understand. Could you try re-phrasing the problem. You could maybe try something like this in "users". DEFAULT My-Local-String == "ok" Fall-Through = No DEFAULT Auth-Type := Reject
Can I add at the begining or at the end (?) of mac2ok file something like *:bad and everything will be 'bad' but ok will be overwritten by 'good' ??
No. You would use appropriately-ordered "users" file entries for that kind of logic - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html