Hi Russel,

So we have LDAP auth here. At this time it works fine. But now we want to add 2 auth, so for example we want to check the valid user id / password from LDAP and also the MAC address listed in the user attribute in LDAP.

The LDAP attributes are mapped properly:

checkItem Called-Station-Id radiusCalledStationId
checkItem Calling-Station-Id radiusCallingStationId

So the goal is to make sure that the user can only log in from his / her company device that is associated with their user profile in LDAP. I already made sure that the user has the attribute radiusCallingStationId set correctly.

Thanks
Danny

On Wed, Mar 13, 2013 at 7:08 PM, Russell Mike <[email protected]> wrote:

> Hi Dan,
> What Reject? And MAC address listed where? Are you working around MAC
> authentication? FR MAC auth is working for me, I use CoovaChilli as NAS.
>
> 0.) MAC address would exist as user in MySQL DB or file
> 1.) Configure NAS to send MAC-Addr as username to Freeradius
> 2.) And do the following at Freeradius side.
> username="<mac address>";attribute="Auth-Type";op=":=";value="Accept"
>
> Thanks / Regards
> RM --
>
> On Wed, Mar 13, 2013 at 10:49 AM, Danny Kurniawan <
> [email protected]> wrote:
>
>> Hi Russel,
>>
>> Thanks for that. However it seems the check-name can't even be populated,
>> as you can see from my log file.
>>
>> +- entering group authorize {...}
>> ++[preprocess] returns ok
>> rlm_checkval: Item Name: Calling-Station-Id, Value: A0-88-B4-0F-C3-D8
>>
>> rlm_checkval: *Could not find attribute named *
>> *Calling-Station-Id in check pairs*
>> ++[checkval] returns notfound
>> [auth_log] expand:
>> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>> /var/log/radius/radacct/172.21.118.231/auth-detail-20130313
>> [auth_log]
>> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
>> /var/log/radius/radacct/172.21.118.231/auth-detail-20130313
>> [auth_log] expand: %t -> Wed Mar 13 17:47:09 2013
>>
>> I checked the ldap.attrmap and it's correctly mapped to the LDAP attribute.
>>
>> So how to make sure that Radius rejects the request when the MAC address
>> is not listed? That's what I want to achieve.
>>
>> Thanks
>> Danny
>>
>> On Wed, Mar 13, 2013 at 4:51 PM, Russell Mike <[email protected]> wrote:
>>
>>> checkval can be helpful when you need to apply NAS-identifier &
>>> Calling-Station-Id - FR attributes.
>>>
>>> checkval calledstationid {
>>>     item-name = Called-Station-Id
>>>     check-name = Called-Station-Id
>>>     data-type = string
>>>     notfound-reject = no
>>> }
>>>
>>> checkval nasidentifier {
>>>     item-name = NAS-Identifier
>>>     check-name = NAS-Identifier
>>>     data-type = string
>>>     notfound-reject = no
>>> }
>>>
>>> Thanks / Regards
>>> RM --
>>>
>>> On Wed, Mar 13, 2013 at 7:53 AM, Danny Kurniawan <
>>> [email protected]> wrote:
>>>
>>>> Hi All.
>>>>
>>>> I found this error when I enabled checkval
>>>>
>>>> rlm_checkval: Could not find attribute named Calling-Station-Id in
>>>> check pairs
>>>> ++[checkval] returns notfound
>>>> ++[expiration] returns noop
>>>>
>>>> What is the meaning of that error?
>>>>
>>>> Thanks in advance
>>>>
>>>> --
>>>> Best Regards,
>>>> Danny

--
Best Regards,
Danny
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
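
Added example, not part of the thread or of either poster's configuration: in the debug log quoted above, checkval runs directly after preprocess, before any module has loaded the user's check items, which is the situation in which rlm_checkval reports that the attribute is missing from the check pairs. The sketch assumes a FreeRADIUS 2.x file layout, a hypothetical instance name `checkval_mac`, and that `ldap` is the instance using the ldap.attrmap lines shown in the thread; the position of `ldap` in the failing order is also an assumption, since the log excerpt does not show it.

```conf
# modules/checkval (instance name "checkval_mac" is an assumption)
checkval checkval_mac {
	item-name = Calling-Station-Id     # value taken from the Access-Request
	check-name = Calling-Station-Id    # check item filled from radiusCallingStationId
	data-type = string
	notfound-reject = yes              # user has no MAC in LDAP: reject, not notfound
}

# sites-enabled/default, order reconstructed from the debug log (fails):
#
# authorize {
#	preprocess
#	checkval         # check pairs still empty: "++[checkval] returns notfound"
#	auth_log
#	ldap             # assumed position; check items arrive too late
# }

# Corrected order: the module that supplies the check item runs first.
authorize {
	preprocess
	auth_log
	ldap                 # maps radiusCallingStationId to a Calling-Station-Id check item
	checkval_mac         # compares the request value with the LDAP value
}
```

With `data-type = string` the two values are compared as strings, so the MAC stored in radiusCallingStationId has to use the same format the NAS sends (`A0-88-B4-0F-C3-D8` in the log above).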

