Neil Marjoram wrote: > I have just installed 2.05 and have successfully linked to my ldap > server. I would like to build in MAC address checking on top of the user > name / password auth. ... > Is there a way of getting Radius to check that the Calling-Station-Id > matches radiusCallingStationId before access is allowed? I have read the > ldap docs and not been able to find what I am looking for.
Don't set "compare_check_items" in the LDAP configuration. It's supposed to work, but there are pending bugs. You can do an LDAP query directly in unlang: ... if ("%{ldap: ... query ...}" != "%{Calling-Station-Id}") { reject } ... You'll have to edit the LDAP query for your local system... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html