> Hi, Dustin
>
> You are absolutely right. There is no matched profile in the /etc/raddb/users
> file after NAS-IP-Address changed to 10.1.3.5. In my case, freeradius let the
> user in. It was solved after I added the following DEFAULT profile to the
> /etc/raddb/users file.
>
> DEFAULT Auth-Type := Reject
>
> I don't understand why freeradius lets a user with no matched profile in by
> default.
>
> Now I have to deal with another problem. My user profiles will be stored in a
> postgresql database later. I already inserted the mentioned profile into the
> database but don't know how to put the DEFAULT profile into the database yet.
> Now everyone in the database has full access to 2 APs just like before. :)
> Do you have any idea about this?
>
> I really appreciate your help with this issue.
>
> Thanks,
>
> Vincent Chen
>
I don't use sql very often, but I think it shouldn't be too hard. Someone else on the list might be able to help more, but I think you can do this easily with groups in sql and some entries in the users file.

Set up a few groups. group1 gets access to 10.1.1.1, group2 gets access to 10.1.1.2 and 10.1.1.3.

In sql, set up the usergroups table and put your users into whatever groups they should be in. User1 is in both groups, user2 is only in one.

usergroup table

    user1,group1
    user1,group2
    user2,group1

Set up the huntgroups file

    group1 nas-ip-address == 10.1.1.1
    group2 nas-ip-address == 10.1.1.2
    group2 nas-ip-address == 10.1.1.3

In the users file,

    DEFAULT Huntgroup-Name == group1, Sql-Group == group1, Auth-Type := EAP

    DEFAULT Huntgroup-Name == group2, Sql-Group == group2, Auth-Type := EAP

    DEFAULT Auth-Type := Reject

Again, there may be an easier way to do this, but I think that should work.

-Dusty Doris

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
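An added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of the first-match policy described in the reply, useful for checking which user/NAS pairs the three DEFAULT entries admit before deploying them. The function names (`decide`, `access_matrix`) and `user3` are hypothetical; the model ignores Fall-Through and EAP itself, and treats "no entry matched" as "nothing rejected the request", which is the situation the quoted message reports.

```python
# Simplified model of the policy in the reply above; not FreeRADIUS code.
# Data copied from the post: huntgroups file and usergroup table.
HUNTGROUPS = [  # (huntgroup name, NAS-IP-Address)
    ("group1", "10.1.1.1"),
    ("group2", "10.1.1.2"),
    ("group2", "10.1.1.3"),
]
USERGROUP = {("user1", "group1"), ("user1", "group2"), ("user2", "group1")}

# users file entries in order: (Huntgroup-Name check, Sql-Group check, Auth-Type).
# None means "no check item", so the entry matches every request.
USERS_FILE = [
    ("group1", "group1", "EAP"),
    ("group2", "group2", "EAP"),
    (None, None, "Reject"),
]

def huntgroups_for(nas_ip):
    """Huntgroups whose NAS-IP-Address equals the request's NAS."""
    return {name for name, ip in HUNTGROUPS if ip == nas_ip}

def decide(user, nas_ip, entries=USERS_FILE):
    """Return the Auth-Type of the first matching entry, or None if none match."""
    hunt = huntgroups_for(nas_ip)
    for want_hunt, want_sql, auth_type in entries:
        if want_hunt is not None and want_hunt not in hunt:
            continue
        if want_sql is not None and (user, want_sql) not in USERGROUP:
            continue
        return auth_type
    return None  # no entry matched: nothing in the users file rejects the request

def access_matrix(entries=USERS_FILE):
    """Decision for every user on every NAS, including an unlisted NAS."""
    users = sorted({u for u, _ in USERGROUP} | {"user3"})  # user3: constructed, in no group
    nas_ips = [ip for _, ip in HUNTGROUPS] + ["10.1.3.5"]  # NAS from the quoted message
    return {(u, ip): decide(u, ip, entries) for u in users for ip in nas_ips}

if __name__ == "__main__":
    for (user, ip), result in sorted(access_matrix().items()):
        print(f"{user:6} {ip:10} -> {result}")
    # Same policy with the final DEFAULT Reject line removed:
    print("no catch-all:", decide("user2", "10.1.1.2", USERS_FILE[:-1]))
```

Running it prints the full matrix; the last line shows that without the final catch-all entry the request from user2 on 10.1.1.2 matches nothing, so the users file never rejects it.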

