Hi all,
I want to add some rules in FreeRADIUS so that the user can only access the system from the Calledstationid 123456, for example.
My LDIF is like this:
 
dn: uid=brianlk,ou=dialup,o=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetLocalMailRecipient
objectClass: radiusprofile
objectClass: posixAccount
objectClass: PureFTPdUser
sn: brianlk
ou: dialup
description:: IFBQUF9VWFBX
uid: brianlk
uidNumber: 15385
gidNumber: 1001
homeDirectory: /home/brianlk
loginShell: /sbin/nologin
userPassword:: e2NyeXB0fTEwVGtiQVlpT3hlNDI=
cn: brianlk
radiusCalledStationId: 123456
 
However, the radiusCalledStationId isn't checked when I log in, so I can access the system from any Calledstationid. How can I fix this?
Also, do I need to enable "compare_check_items = yes"?
I have tried enabling it, but I was rejected when I logged in. Does anyone know how to use "compare_check_items"? Thank you.
The debug output:
 
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=test, with filter (uid=brianlk)
rlm_ldap: Added password {crypt}10Tkdsdfasfsfrwefxe42 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 123456 & op=21
rlm_ldap: looking for reply items in directory...
Invalid operator for item User-Password: reverting to '=='
rlm_ldap: Pairs do not match. Rejecting user.
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "LDAP1" returns reject
modcall: group redundant returns reject
modcall: group authorize returns reject
Invalid user (rlm_ldap: Pairs do not match): [brianlk] (from client localhost port 10)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 119 to 127.0.0.1:33242
Waking up in 7 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 119 with timestamp 3e87d523
Nothing to do.  Sleeping until we see a request.
