I'm trying to implement a similar scenario: I am using PEAP, and I want to check if a given mac is in my database. In my case, the MACs file looks like this:
0030.0996.CF52:192.168.12.1 I would like to match the first field (MAC) with the NAS "Calling-Station-Id" attribute, if this check fails, I would like to reject that user. Is it doable with rlm_password ? I've tried, but I cannot figure out which is the right "format" for my case: I've tried the following in radiusd.conf: modules { (...) passwd mac-ip { filename = /etc/raddb/MAC-IP format = "mac-address:Calling-Station-Id" delimiter = ":" } } (...) authorize { preprocess mac-ip <--- I want to Reject the client if that module fails eap files } But when I run radiusd -X: rlm_passwd: no field market as key in format: mac-address:Calling-Station-Id How do I specify that mac-address is a "key" and Calling-Station-Id a "value" ? Thank you, Roman On 3/7/06, Alan DeKok <[EMAIL PROTECTED]> wrote: > Guillaume <[EMAIL PROTECTED]> wrote: > > ok, if i understand the manpage of dictionary & rlm_passwd, i have to > > add this line in: > > ##Dictionary file## > > ATTRIBUTE mac-address 3001 string > > Why? That attribute won't ever appear in a packet. > > You have to use an attribute that will appear in a packet. > > Other than that, it looks like it should work. > > Alan DEKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html