[EMAIL PROTECTED] wrote:
Quoting Alan DeKok <[EMAIL PROTECTED]>:


And yes, I cover all of this in my
book, which will be done real soon now...

This is the book I am waiting to read. The O'Reilly book is a good primer but
really doesn't get to the meat of what RADIUS can do.


  You can do:

bob     Calling-Station-Id != "0001....", Auth-Type := Reject


Could I also do:

bob     password = "neil", Calling-Station-Id != "0001....", Auth-Type := Reject

So that both pieces of information have to be present to be authenticated?

No, that would always reject the user. You could do this:

bob     Calling-Station-Id != "0001....", Auth-Type := Reject

bob     User-Password := "neil"

Can you instead use rlm_checkval like this:

modules {
  passwd user2allowedmacs {
    filename = /etc/raddb/user2allowedmacs
    format = "*User-Name:Calling-Station-Id"
    hashsize = 100
    allowmultiplekeys = yes
  }
  checkval usermacs {
    item-name = Calling-Station-Id
    check-name = Calling-Station-Id
    data-type = string
    notfound-reject = yes
  }
}

authorize {
  preprocess
  user2allowedmacs
  usermacs
  # other stuff
}

/etc/raddb/user2allowedmacs:

user1:001122334455
user1:aabbccddeeff
user2:0123456789ab

...I think that ought to work?
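
An offline audit of the user2allowedmacs file from the message above, added here as an example (not code from the thread or from FreeRADIUS). It assumes the comparison is an exact string match (data-type = string), that a user with no entry is rejected (notfound-reject = yes), and that a NAS may send Calling-Station-Id with separators or in upper case; the function names and the two extra sample lines are constructed.

```python
import re

# Constructed sample: the page's three entries plus two lines an audit should flag.
SAMPLE = """\
user1:001122334455
user1:aabbccddeeff
user2:0123456789ab
user3:00-11-22-AA-BB-CC
user4:00:11:22:33:44:55
"""

def bare_mac(value):
    """Strip ':', '-', '.' and lowercase; return None unless 12 hex digits remain."""
    bare = re.sub(r"[:.\-]", "", value.strip().lower())
    return bare if re.fullmatch(r"[0-9a-f]{12}", bare) else None

def load(text):
    """Parse 'user:mac' lines into ({user: set(macs)}, [(lineno, problem)])."""
    allowed, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.strip().split(":")
        if fields == [""]:
            continue
        # The page's format string has exactly two ':'-separated fields.
        if len(fields) != 2 or not fields[0]:
            problems.append((lineno, "expected exactly two ':'-separated fields"))
            continue
        user, mac = fields
        if bare_mac(mac) is None:
            problems.append((lineno, "value is not a 12-hex-digit MAC"))
            continue
        if mac != bare_mac(mac):
            problems.append((lineno, "MAC not in the bare lowercase form used elsewhere"))
        allowed.setdefault(user, set()).add(mac)
    return allowed, problems

def check(allowed, user, calling_station_id):
    """Return 'accept', 'format-mismatch' or 'reject' for one request."""
    macs = allowed.get(user)
    if not macs:
        return "reject"              # assumed notfound-reject = yes behaviour
    if calling_station_id in macs:
        return "accept"              # exact string match
    want = bare_mac(calling_station_id)
    if want and want in {bare_mac(m) for m in macs}:
        return "format-mismatch"     # same device, different spelling: would not match
    return "reject"
```

A "format-mismatch" result means the file entry and the value sent by the NAS name the same device but differ as strings, so the entry should be rewritten in the form the NAS actually sends.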