A Check attriubutes check to see if the value of the attributes
received in the Authentication request (like Caller-ID, NAS-Port-TYpe,
etc) is equal to the value of the same attribute in the Check
attribute itself. If the value is different, the user is rejected.
For example, you can set a check attribute of NAS-Port-Type = Async,
and prevent the used from loggin on sync/isdn.
Check attributes are NOT sent back to the NAS is the accept
(reply) list. For example, telling a NAS the NAS-Port-Type
after the user logs in is pointless (its already established),
but telling the NAS how many ports the user can have (Port-Limit)
can pevent the user from establihing additional MPP connections.
For the users file, check attributes follow the password on the
user Password = "blah", NAS-Port-Type = Async
User-Service = Framed-User
Framed-Protoocl = PPP
Port-Limit = 1
You DO NOT include NAS-Port-Type in the reply list (whih is all
attributes after the first line).
For a database (RadiusNT 2.5 only), the radcheck field tells
RadiusNT whether the attribute is a check atribute (non zero)
or a reply attribute (0).
-- Dale E. Reed Jr. (email@example.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com