Two different sources, one with a single value

Martin.Ward at uk.neceur.com Martin.Ward at uk.neceur.com
Thu Sep 15 18:29:34 CEST 2005


Alan DeKok wrote:
>Martin.Ward at uk.neceur.com wrote:
>> For the MAC address I want a flat file with just the MAC addresses in
it. I
>> have tried using the passwd module and just ignoring the User-Password
>> attribute like so:
>>
>>         passwd mac_address {
>>                 filename = /var/mac_addresses
>>                 format = "*User-Name"
>>         }
>
>  You're also ignoring the authentication method.  I suggest adding a
>User-Password to that table.

I think I'm missing something here between the use of the authenticate and
authorize sections. Using the above example, the system that passes the MAC
address in to find out if it's valid passes the MAC address in both the
User-Name and User-Password fields. I was hoping to be able to get away
with just authenticating against the User-Name and having just one field in
the table, however if I can't then I can't. As for authorizing, surely for
the MAC address checking I don't need to have an authorize section, the
authenticate section verifies if the MAC address is in the table or not and
if it is, it passes it in?

Then again, if I am authenticating against the MAC address and then
authorizing against the unix login ID and password, does this mean a given
user has to be in BOTH tables to gain access?

|\/|artin
--
Senior Network Administrator, NEC (Europe) Ltd.
Acton extension: 3379
NEC*Net: 800-44-21-3379
Direct: +44 20 8752 3379
Fax: +44 20 8752 3389
Mobile: +44 7721 869 356




More information about the Freeradius-Users mailing list