Run the server in debug mode (radiusd -X) and check the attributes sent by the NAS. The NAS may not be sending the Calling-Station-Id or it may be in a different format. Either way, the debug output is going to give you more information.
Tim > -----Original Message----- > From: freeradius-users- > [email protected] > [mailto:freeradius-users- > [email protected]] On Behalf > Of Krijn Tanis | WiMood > Sent: Monday, October 04, 2010 10:59 AM > To: [email protected] > Subject: Check multiple attributes for one user > > Hello all, > > For a project I am working on 802.1x WPA-EAP authentication and for > this > I use a Freeradius server. This part of authentication works perfect. > > Now I also want to check the Calling-Station-Id for the user, in this > case it is MAC address of the wireless client. I want this because I > want to allow the user to connect only from one MAC address (else user > is able to use a other device that is not in our control, I want to > prevent this. So I want to check the Password ánd Calling-Station-Id in > one and the same Access Request. If both match an Access-Accept is > sent, > in all other cases (when password or Calling-Station-Id do not match > for > the user) an Access-Reject. > > I tried to do this: > > +----+----------------+--------------------+------------------+------+ > | id | UserName | Attribute | Value | Op | > +----+----------------+--------------------+------------------+------+ > | 1 | krijn | Calling-Station-Id | 00-0B-6B-D9-D0-14| == | > | 2 | krijn | Cleartext-Password | test123 | := | > > But this doesnt work, the user is rejected. Can somebody point me into > the right direction? > > Kind regards, > > Krijn Tanis > WiMood > > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
