I want to check which port the client is using to get conected to.
I am using freeradius, and testing with radclient.
My test is:
cat << EOF | radclient -x localhost auth testing123
User-Name = gollum
User-Password = smeagol
NAS-IP-Address = localhost
NAS-Port-Type = 5
NAS-Port = 0
EOF
and I want the server to verify if the user gollum can access trhouh a "virtual"
NAS-Port (NAS-Port-Type=5), for example.
In radiusd.conf, I put these lines:
checkval {
# The attribute to look for in the request
item-name = NAS-Port-Type
# The attribute to look for in check items. Can be multi valued
check-name = NAS-Port-Type
# The data type. Can be
# string,integer,ipaddr,date,abinary,octets
#data-type = string
data-type = integer
# If set to yes and we dont find the item-name attribute in the
# request then we send back a reject
# DEFAULT is no
#notfound-reject = no
notfound-reject = yes
}
and in the radcheck table this line:
mysql> select * from radcheck;
+----+----------+---------------+----+--------------+
| id | UserName | Attribute | op | Value |
+----+----------+---------------+----+--------------+
| 7 | gollum | NAS-Port-Type | == | PIAFS |
| 4 | gollum | User-Password | == | smeagol |
+----+----------+---------------+----+--------------+
So, I mean if the gollum is trying to acces through a virtual port, it must be
denied. But it receives a accept response.
How to do it work?
thank you, very much, for any help !!
Luiz Gustavo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
