Hello, I'm using Freeradius 2.0.4 from the package in Debian Lenny for WPA (for wifi) and 802.1x (for wired ethernet) authentication and authorization.
They use PEAP/MSchapv2 for authentication.

Most users are in LDAP and are allowed to connect either to wired ethernet or to wifi. But I also have to deal with some "guest" users, whose usernames all begin with the "guest/" prefix, who are in a SQL database, and who only should be allowed to connect to wifi.

Currently, the relevant part of my users file is:

| DEFAULT Huntgroup-Name == ap, Prefix == "guest/", Autz-Type := GUEST
|         Fall-Through = No
|
| DEFAULT Autz-Type := DEFAULT

The trouble is the inner request has no NAS-IP-Address, so the Huntgroup-Name is not set and does not match. Running freeradius -X shows that the Huntgroup-Name condition is correctly verified for the outer request, but not for the inner one. And if I remove the Huntgroup-Name condition, everything works fine, but the guest users are allowed to connect to wired ethernet.

Is there a way I can test the outer Huntgroup-Name in my users file?

Regards,

--
Nicolas Boullis
Ecole Centrale Paris