> > Tuc at T-B-O-H.NET wrote: > > Looking to restrict a user to only be able to log in > > and re-log in to the initial NAS they first ever logged onto. > > (Hotspot) Looking at the radacct file where it looks like > > the check-items normally go against, I'm not seeing anything I > > can use as an identifier. The nasipaddress is always 0.0.0.0. > > Maybe calledstationid, except if we swap equipment out during > > the lifetime of a users id it won't match. > > > > Is anyone doing anything like this already? > > They usually use equipment that sends a NAS identifier. > Hrm.... I just originally went on the assumption that the sending side was partially braindead, and wasn't sending it. Your comment made me dump a session on 1812 and 1813... 1812: Radius Protocol Code: Access-Request (1) Packet identifier: 0x0 (0) Length: 216 Authenticator: A9A4B05B3C01784A8DF58849DB987135 [The response to this request is in frame 2] Attribute Value Pairs AVP: l=5 t=User-Name(1): tuc AVP: l=18 t=CHAP-Challenge(60): 894209E703975A194529D13926790197 AVP: l=19 t=CHAP-Password(3): 0A6E0AEA789A9A0AF0E2A7F15B04E6A289 AVP: l=6 t=NAS-IP-Address(4): 0.0.0.0 AVP: l=6 t=Service-Type(6): Login-User(1) AVP: l=6 t=Framed-IP-Address(8): 192.168.182.4 AVP: l=19 t=Calling-Station-Id(31): 00-10-A4-10-8D-A6 AVP: l=19 t=Called-Station-Id(30): 00-16-01-91-E9-46 AVP: l=10 t=NAS-Identifier(32): TBOH2173 AVP: l=18 t=Acct-Session-Id(44): 47fe006e00000000 AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19) AVP: l=6 t=NAS-Port(5): 0 AVP: l=18 t=Message-Authenticator(80): F0AE0A9EE7DAC32F9AA6089A5A9C3A70 AVP: l=40 t=Vendor-Specific(26) v=WISPr(14122)
1813: Radius Protocol Code: Accounting-Request (4) Packet identifier: 0x6 (6) Length: 142 Authenticator: 48DCF71BE50EC2E9ECC17825FB6D2417 [The response to this request is in frame 2] Attribute Value Pairs AVP: l=6 t=Acct-Status-Type(40): Start(1) AVP: l=5 t=User-Name(1): tuc AVP: l=11 t=Class(25): 303730333435363738 AVP: l=19 t=Calling-Station-Id(31): 00-10-A4-10-8D-A6 AVP: l=19 t=Called-Station-Id(30): 00-16-01-91-E9-46 AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19) AVP: l=6 t=NAS-Port(5): 0 AVP: l=10 t=NAS-Port-Id(87): 00000000 AVP: l=6 t=NAS-IP-Address(4): 0.0.0.0 AVP: l=10 t=NAS-Identifier(32): TBOH2173 AVP: l=6 t=Framed-IP-Address(8): 192.168.182.4 AVP: l=18 t=Acct-Session-Id(44): 47fe006e00000000 So it looks like its sending it, just not making it into the radacct files. :-/ So where to start looking for that? > > Or, use the "Packet-Src-IP-Address" attribute. > Thats gonna take a bit of headscratching to figure out about. :) But thanks for the lead. Tuc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html