Hi Svend, > The problem occurs when I want a group to contain several NAS. How can I > make freeradius accept the login if the NAS-IP-Address from the user, is > one of several listed in a group that a user is member of?
==> read info about checkval module in radiusd.conf. checkval { item-name = NAS-IP-Address check-name = NAS-IP-Address data-type = ipaddr } * enable the module in section authorize and in your radgroupcheck you have to do something like this: mysql> select * from radgroupcheck where attribute like 'NAS-IP-Address'; +----+---------------+----------------+----+-----------------+ | id | GroupName | Attribute | op | Value | +----+---------------+----------------+----+-----------------+ | 83 | config_common | NAS-IP-Address | += | 1.2.3.4 | | 84 | config_common | NAS-IP-Address | += | 1.2.3.5 | +----+---------------+----------------+----+-----------------+ then if your your user will be in group called "config_common"(whatever you choose) then checkval module will perform checking base on multiple values found for NAS-IP-Address. Please mind the "op" field especially! Milan Holub holub (at) thenet (dot) ch -------------------------------------- TheNet-Internet Services AG, im Bernertechnopark, Morgenstr. 129 CH-3018, Bern, Switzerland 031 998 4333, Fax 031 998 4330 http://www.thenet.ch http://wlan.thenet.ch -------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html