Thanks for your reply. Alan. You showed the follow process.
> > 1.Checking users file > > If the User-Name is not found, go to "Checking SQL(Mysql) DataBase." > > Check the Calling-Station-Id. > > if the Calling-Station-Id is correct, continue to "authenticate" > > if the Calling-Station-Id is incorrect,reject the user. > > > 2.Checking SQL(Mysql) DataBase. > > If the User-Name is not found, reject the user. > > > > Check the Calling-Station-Id. > > if the Calling-Station-Id is correct, continue to "authenticate" > > if the Calling-Station-Id is incorrect,reject the user. > > In "authenticate", check the User-password. If correct, the user is > authenticated. > > if the User-Password is incorrect,reject the user Then, I have a question. What means, the User-Name is not found? I thought the User-Name value in resquest is not found in users file. But the freeradius does not operate such. It looks like follow. case 1 (this case is OK(found!)) User-Name(value) in Users file equals User-Name(value) in Access-Request. and User-Password(value) in Users file equals User-Password(value) in Access-Request. and Calling-Station-Id(value) in Users file equals Calling-Station-Id(value) in Access-Request. case 2 (this case is not found) User-Name(value) in Users file equals User-Name(value) in Access-Request. and User-Password(value) in Users file do not equal User-Password(value) in Access-Request. and Calling-Station-Id(value) in Users file equals Calling-Station-Id(value) in Access-Request. case 3 (this case is not found) User-Name(value) in Users file equals User-Name(value) in Access-Request. and User-Password(value) in Users file equals User-Password(value) in Access-Request. and Calling-Station-Id(value) in Users file do not equal Calling-Station-Id(value) in Access-Request. case 4 (this case is not found) User-Name(value) in Users file equals User-Name(value) in Access-Request. and User-Password(value) in Users file do not equal User-Password(value) in Access-Request. and Calling-Station-Id(value) in Users file do not equal Calling-Station-Id(value) in Access-Request. Does "The User-Name is not found" mean what all the radius attributes that should be compared are matched?, not only the User-Name value does not matched? IF that is right, does checking the User-Password in authenticate always succeed? ---------------------------------------------------------- Access-Request: User-Name = "testusr" User-Password = "usrpass00" NAS-Port = 1 NAS-IP-Address = 192.168.100.20 Framed-Protocol = PPP Service-Type = Framed-User NAS-Port-Type = ISDN Calling-Station-Id = "0123456789" ---------------------------------------------------------- Users file: testusr Auth-Type := Local, User-Password == "usrpass", Calling-Station-Id =="0123456789" User-Service = Framed-User , Framed-Protocol = PPP , Framed-IP-Address = 10.0.0.1 , Framed-IP-Netmask = 255.255.255.255 , Ascend-Idle-Limit = 600 , Ascend-Data-Filter = "ip in forward dstip 10.0.1.0/24" , Ascend-Data-Filter += "ip in forward dstip 172.16.1.0/24" , Ascend-Data-Filter += "ip in drop dstip 0.0.0.0" , Ascend-Data-Filter += "ip out forward" sorry for my poor english regards -- baffy200y <[EMAIL PROTECTED]> __________________________________________________ Do You Yahoo!? http://bb.yahoo.co.jp/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html