Marcelus Trojahn wrote:
> Hello folks,
> 
>   For quite some time now I'm struggling with a problem I have no clue
>   how to solve...
> 
>   Consider the following:
>   zro Auth-Type := MD5, User-Password := 9bb05e8970a8c18991d3048f3f5ad976, 
> Calling-Station-Id == 00:16:EC:54:2E:C4, Simultaneous-Use := 1
>       Mikrotik-Rate-Limit = "128k/192k 128k/384k 64k/64k 1/8"

  In 1.1.4 && later, you don't need to set Auth-Type like this.  See
"man rlm_pap" for details.

  It also makes the configuration much simpler.

>   Is  there  any way I can instruct the Radius to do like a logical OR
>   check? Like:
> 
>   if (NAS-IP-Address != "10.200.200.2") {
>     Calling-Station-Id has to be 00:16:EC:54:2E:C4
>   } else {
>     Ignore the Calling-Station-Id, check only the password
>   }

  Set up two modules.  Use rlm_passwd to put the Calling-Station-Id's
into an internal group (say My-Group), and then do:

DEFAULT NAS-IP-Address != 10.200.200.2, My-Group != "foo", Auth-Type :=
Reject

DEFAULT do password checks...

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to