Thanks for your reply. Alan.
You showed the follow process.
> > 1.Checking users file
> > If the User-Name is not found, go to "Checking SQL(Mysql) DataBase."
> > Check the Calling-Station-Id.
> > if the Calling-Station-Id is correct, continue to "authenticate"
> > if the Calling-Station-Id is incorrect,reject the user.
>
> > 2.Checking SQL(Mysql) DataBase.
> > If the User-Name is not found, reject the user.
> >
> > Check the Calling-Station-Id.
> > if the Calling-Station-Id is correct, continue to "authenticate"
> > if the Calling-Station-Id is incorrect,reject the user.
>
> In "authenticate", check the User-password. If correct, the user is
> authenticated.
> > if the User-Password is incorrect,reject the user
Then, I have a question.
What means, the User-Name is not found?
I thought the User-Name value in resquest is not found in users file.
But the freeradius does not operate such.
It looks like follow.
case 1 (this case is OK(found!))
User-Name(value) in Users file equals User-Name(value) in Access-Request.
and
User-Password(value) in Users file equals User-Password(value) in
Access-Request.
and
Calling-Station-Id(value) in Users file equals Calling-Station-Id(value) in
Access-Request.
case 2 (this case is not found)
User-Name(value) in Users file equals User-Name(value) in Access-Request.
and
User-Password(value) in Users file do not equal User-Password(value) in
Access-Request.
and
Calling-Station-Id(value) in Users file equals Calling-Station-Id(value) in
Access-Request.
case 3 (this case is not found)
User-Name(value) in Users file equals User-Name(value) in Access-Request.
and
User-Password(value) in Users file equals User-Password(value) in
Access-Request.
and
Calling-Station-Id(value) in Users file do not equal Calling-Station-Id(value)
in Access-Request.
case 4 (this case is not found)
User-Name(value) in Users file equals User-Name(value) in Access-Request.
and
User-Password(value) in Users file do not equal User-Password(value) in
Access-Request.
and
Calling-Station-Id(value) in Users file do not equal Calling-Station-Id(value)
in Access-Request.
Does "The User-Name is not found" mean what all the radius attributes that
should be compared are matched?, not only the User-Name value does not matched?
IF that is right, does checking the User-Password in authenticate always succeed?
----------------------------------------------------------
Access-Request:
User-Name = "testusr"
User-Password = "usrpass00"
NAS-Port = 1
NAS-IP-Address = 192.168.100.20
Framed-Protocol = PPP
Service-Type = Framed-User
NAS-Port-Type = ISDN
Calling-Station-Id = "0123456789"
----------------------------------------------------------
Users file:
testusr Auth-Type := Local, User-Password == "usrpass", Calling-Station-Id
=="0123456789"
User-Service = Framed-User ,
Framed-Protocol = PPP ,
Framed-IP-Address = 10.0.0.1 ,
Framed-IP-Netmask = 255.255.255.255 ,
Ascend-Idle-Limit = 600 ,
Ascend-Data-Filter = "ip in forward dstip 10.0.1.0/24" ,
Ascend-Data-Filter += "ip in forward dstip 172.16.1.0/24" ,
Ascend-Data-Filter += "ip in drop dstip 0.0.0.0" ,
Ascend-Data-Filter += "ip out forward"
sorry for my poor english
regards
--
baffy200y <[EMAIL PROTECTED]>
__________________________________________________
Do You Yahoo!?
http://bb.yahoo.co.jp/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
