Osmany wrote:
I tried with the above configuration by putting the number 7 in front of
the phone number and indeed the user test can only connect with that phone
number. I guess that the NAS forwards the phone number including area code.
Since that is working, now I want to add another phone number (another
Calling-Station-Id) to the user test, so that the user can connect from
only one phone number or the other. I tried using the += operator and the
user can connect from any phone number. So my configuration works only if
the user has only one Calling-Station-Id attribute, but I wanted to work
with two Calling-Station-Id attributes also.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello Osmany
If you would like this test user connect from another phone number,
simply add another entry in the same table, just as you did before.
Add another entry with the Calling-Station-Id attribute? Let's see if I
understand. After I add the other entry in the table it would look like
this:
|312|t...@domain.com|Calling-Station-Id | == | "phonenumber"
|298|t...@domain.com|MD5-Password | := | password
|313|t...@domain.com|Calling-Station-Id | += | "phonenumber"
Let me just clarify that I tried this before and when I try to connect with this user,
freeradius does not let me. When I run freeradius in debug mode I find this in the logs:
rad_recv: Access-Request packet from host 192.168.25.50 port 17968, id=104,
length=148
User-Name = "t...@internet.quimefa.cu"
User-Password = "test"
NAS-IP-Address = 192.168.25.50
NAS-Port = 452
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "60110"
Calling-Station-Id = "72061490"
NAS-Identifier = "Aguila"
NAS-Port-Type = Async
Connect-Info = "48000/31200 V90/V42bis/LAPM"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "internet.quimefa.cu" for User-Name =
"t...@internet.quimefa.cu"
[suffix] No such realm "internet.quimefa.cu"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
expand: %{User-Name} -> t...@internet.quimefa.cu
[sql] sql_set_user escaped user --> 't...@internet.quimefa.cu'
rlm_sql (sql): Reserving sql socket id: 2
expand: SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op FROM radcheck WHERE
username = 't...@internet.quimefa.cu' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname
FROM radusergroup WHERE username = 't...@internet.quimefa.cu'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
[sql] User t...@internet.quimefa.cu not found
++[sql] returns notfound
Try this way, remember the operator.
|312|t...@internet.quimefa.cu|Calling-Station-Id | += | "72061490"
|298|t...@internet.quimefa.cu|MD5-Password | := | password
|313|t...@internet.quimefa.cu|Calling-Station-Id | += | "72061490"
However check that you return the error debugging.
suffix] Looking up realm "internet.quimefa.cu" for User-Name =
"t...@internet.quimefa.cu"
[suffix] No such realm "internet.quimefa.cu"
sql] User t...@internet.quimefa.cu not found
++[sql] returns notfound
For this reason, it is the user and should not assume that you connect it.
But in the end because it connects the user's which is declared in the file
"users". apparently
you have stated that locate the user in the database and also in this
file, you must define where you will store your users and then put the
phone number.
Once again check the AAA section, where you define how it will look freeradius
user.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html