Hello All,
Using 0.9.1 with MySQL.
I have found an abundance of documentation about enforcing restrictions using positive NAS-IP matches. This works fine, i.e.:

radgroupcheck
id  GroupName  Attribute  Value        Op
1   test       NAS-IP     10.10.10.10  ==

will only allow logons from members of group "test" from the NAS at 10.10.10.10.
But what if I want to allow "test" users to log on to any NAS-IP BUT 10.10.10.10?
I have used VOP RADIUS and I can use !10.10.10.10 as a value to mean NOT 10.10.10.10.
Is there similar syntax for freeRADIUS?

You should review the ./doc/rlm_sql file for more information on what you can use for the different 'Op' values.

-- snip --
!=   "Attribute != Value"
     As a check item, matches if the given attribute is in the
     request, AND does not have the given value.
     Not allowed as a reply item.
-- snip --

I believe that will be what you want. There are others as well, including regular expression operators that you can use.
You should also ensure that your 'Attribute' is a valid FreeRADIUS attribute. NAS-IP is not in the stock dictionary. NAS-IP-Address is, and is probably what you meant.
-Chris
--
Chris Parker, Director, Engineering
StarNet Inc. - http://www.starnetwx.net - (847) 963-0116
WX *is* Wireless!
Wholesale Internet Services - http://www.megapop.net
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
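
Added example (not part of the original thread and not FreeRADIUS code): a small Python model of the `==` and `!=` check-item semantics quoted in the reply, using the radgroupcheck columns shown in the question and the NAS-IP-Address attribute the reply recommends. The `lab` group, sqlite3 standing in for MySQL, plain string comparison of addresses, and the sample requests are assumptions constructed for illustration.

```python
import sqlite3

def build_db():
    """In-memory table with the columns shown in the post (sqlite3 stands in for MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radgroupcheck (id INTEGER PRIMARY KEY, "
               "GroupName TEXT, Attribute TEXT, Value TEXT, Op TEXT)")
    db.executemany(
        "INSERT INTO radgroupcheck (GroupName, Attribute, Value, Op) "
        "VALUES (?, ?, ?, ?)",
        [("test", "NAS-IP-Address", "10.10.10.10", "!="),   # any NAS but this one
         ("lab", "NAS-IP-Address", "10.10.10.10", "==")])   # hypothetical group: only this NAS
    return db

def item_matches(request, attribute, value, op):
    """Model of the two check-item operators discussed in the thread.

    Values are compared as plain strings here (a simplification).
    """
    if attribute not in request:
        return False          # both operators require the attribute in the request
    if op == "==":
        return request[attribute] == value
    if op == "!=":
        return request[attribute] != value
    raise ValueError("operator not modelled: " + op)

def group_allows(db, group, request):
    """True when every check item stored for the group matches the request."""
    rows = db.execute("SELECT Attribute, Value, Op FROM radgroupcheck "
                      "WHERE GroupName = ?", (group,)).fetchall()
    return all(item_matches(request, a, v, o) for a, v, o in rows)

if __name__ == "__main__":
    db = build_db()
    # Constructed sample requests: the excluded NAS, another NAS, and a
    # request that carries no NAS-IP-Address at all.
    for req in ({"NAS-IP-Address": "10.10.10.10"},
                {"NAS-IP-Address": "10.10.10.20"},
                {"User-Name": "alice"}):
        print(req, "test:", group_allows(db, "test", req),
              "lab:", group_allows(db, "lab", req))
```

Under the quoted wording, a `!=` check item does not match a request that lacks the attribute, and an attribute name the rule does not share with the request (NAS-IP versus NAS-IP-Address) behaves the same way in this model.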
