On Thu, Jan 26, 2012 at 4:37 AM, White III, Joe <[email protected]> wrote:
>> Generally, you can only do this if the requests from those "certain
>> APs" have something which distinguishes them. Then you can match on this
>> in the users file [using 'DEFAULT'] and set Auth-Type to Reject.
>
>
> If I have three access points I don't want users to access, can I do
> something like below?
>
> +-----+------------------+----------------+-------+-------+-----------+
> | id  | nasname          | shortname      | type  | ports | secret    |
> +-----+------------------+----------------+-------+-------+-----------+
> | 136 | 172.18.100.8     | ap-2000-cd6    | other | NULL  | letmelook |
> | 11  | 172.18.100.4     | ap2000-cd-2    | other | NULL  | letmelook |
> | 10  | 172.18.100.5     | ap2000-cd-3    | other | NULL  | letmelook |
>
>
> DEFAULT shortname == ap-2000-cd6, Auth-type := reject,
> Fall-Through = yes
>
> DEFAULT shortname == ap2000-cd-2, Auth-type := reject
> Fall-Through = yes
>
> DEFAULT shortname == ap2000-cd-3, Auth-type := reject

Not sure.

In FR-2.x you should be able to use

DEFAULT Client-Shortname == ap-2000-cd6, Auth-Type := Reject
        Fall-Through = yes

... or create some unlang policy using the variable
"%{Client-Shortname}". But AFAIK unlang is 2.x, so I'm not sure
whether the attribute is also filled in FR-1.x.

I highly suggest you upgrade. Which OS/distro do you use? Most Linux
distros (even the "ancient" CentOS 5 or Ubuntu Hardy) have a
ready-to-use FR2 package.

--
Fajar
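
The unlang alternative mentioned in the reply above, written out as an added example (not part of the original thread and not FreeRADIUS project code). It assumes FreeRADIUS 2.x, that `%{Client-Shortname}` expands to the shortname of the matched client entry, and a hypothetical policy name `reject_blocked_aps`; the three shortnames are the ones from the table in the question.

```unlang
# policy.conf (FreeRADIUS 2.x): add inside the existing policy { } section.
# "reject_blocked_aps" is a hypothetical name chosen for this example.
policy {
    reject_blocked_aps {
        # Client-Shortname comes from the client entry the server matched
        # on the packet's source IP, not from an attribute the NAS sends,
        # so an access point cannot change it by altering its request.
        if ("%{Client-Shortname}" =~ /^(ap-2000-cd6|ap2000-cd-2|ap2000-cd-3)$/) {
            update reply {
                Reply-Message := "Logins from this access point are not permitted"
            }
            reject
        }
    }
}

# sites-available/default: call the policy early in authorize,
# before any module that could set Auth-Type to something else.
authorize {
    preprocess
    reject_blocked_aps
    # ... the site's existing authorize modules continue here ...
}
```

Running the server in debug mode (`radiusd -X`) while sending a test request from one of the listed access points shows whether the condition matched and the request was rejected.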