OK, I defined a huntgroup "test NAS-Identifier == "my_nas"" in huntgroups file and added | eap_user | Huntgroup-Name | == | test | to radcheck table. It says "No matching entry in the database for request from user [eap_user]" and "auth: No authenticate method (Auth-Type) configuration found for the request"
When op for Huntgroup-Name changes to := int radcheck, user gets authenticated no matter what it is sent in NAS-Identifier.
?
Oliver Graf <[EMAIL PROTECTED]> wrote:
Oliver Graf <[EMAIL PROTECTED]> wrote:
On Tue, Oct 12, 2004 at 02:11:02AM -0700, Alex wrote:
> If Auth-Type is Accept, no EAP negociation occurs. What I want is TTLS established and user credentials checked and also NAS-Identifier value checked. Thai is, block some TTLS users from connecting from behind other NAS than its own.
> I get users accepted if TTLS user has only 'User-Password' and '==' in the radcheck. As soon as I add 'NAS-Identifier, '==', 'my_nas', it says Auth-Type not found.
Ah, ok. I use huntgroups for a semiliar thing (restriction certain
accounts to certain NASes). Perhaps this is something that might help
you, too?
Oliver.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Do you Yahoo!?
vote.yahoo.com - Register online to vote today!
