Hi everybody. I'm configuring FreeRADIUS Version 2.1.1 on a Fedora 9 server. I'm trying to create different groups containing different users. The final result is to differentiate radius checks depending on which service users are trying to authenticate.
For example: us...@realm1 (in radius group1) coming from NAS_IP_1 us...@realm2 (in radius group2) coming from NAS_IP_2 I want to add a check that block authentication of user2 if he tries to authenticate from NAS_IP different from NAS_IP_2 I can do it (correctly) adding NAS-Identifier attribute in radcheck table for the single user. I want extend this thing to radgroupcheck table, so that I must not add the specific attribute for each user, but it will be enough to add it only one time in radgroupcheck table, for the group the user belongs to. Now I have NAS-Identifier attribute in group table, but it is ignored and the user can connect from different NAS. Here my table situation: mysql> select * from radcheck; +----+----------+--------+--------------------+----+---------+ | id | username | realm | attribute | op | value | +----+----------+--------+--------------------+----+---------+ | 3 | user1 | realm1 | Cleartext-Password | := | passwd1 | | 4 | user2 | realm1 | Cleartext-Password | := | passwd2 | +----+----------+--------+--------------------+----+---------+ mysql> select * from radgroupcheck; +----+-----------+----------------+----+----------+ | id | groupname | attribute | op | value | +----+-----------+----------------+----+----------+ | 5 | group1 | NAS-Identifier | != | 10.0.0.1 | | 6 | group2 | NAS-Identifier | != | 10.0.1.1 | +----+-----------+----------------+----+----------+ mysql> select * from radusergroup; +----------+--------+-----------+----------+ | username | realm | groupname | priority | +----------+--------+-----------+----------+ | user1 | realm1 | group1 | 1 | | user2 | realm2 | group2 | 1 | +----------+--------+-----------+----------+ Can anyone help me to solve this problem? Thanks, Arrigo. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
