very long regular expression...

Norbert Grochal norboro at celpol.pl
Fri Nov 24 14:12:59 CET 2006


> Do something like:
>
> modules {
>    passwd mac2ok {
>      filename = /etc/raddb/mac2ok
>      format = "*Calling-Station-Id:~My-Local-String"
>      hashsize = 100
>    }
>
>    # other modules
> }
>
> authorize {
>    preprocess
>    mac2ok
>    files
>    # other modules
> }
>
> Make "/etc/raddb/mac2ok" read:
>
> 008012323244:ok
> 002938475473:ok
>
> ...then in "users" put:
>
> DEFAULT My-Local-String != "ok", Auth-Type := Reject
>         Reply-Message = "calling station id not allowed",
>         Fall-Through = No
>
> # Other config items
>
> Depending on the version of the server, you might need the following in
> /etc/raddb/dictionary:
>
> ATTRIBUTE My-Local-String 3000 string

OK, it almost works fine, but if there is no MAC in my mac2ok file then
the users file doesn't put REJECT into Auth-Type.
I have added this line at the beginning of the users file:

DEFAULT Auth-Type := REJECT, My-Local-String !* "a"

and if there is no mac in mac2ok file then user cannot login into network.

But if there is a MAC in the mac2ok file (so My-Local-String exists) I always have:

  rlm_eap_peap:  Had sent TLV failure, rejecting.

My freeradius version is 1.1.0

If I remove the first line from users file all is ok. Users can login only
from specified access points.

The first line in users file works fine, if there is no mac in mac2ok
file...

Can I add at the beginning or at the end (?) of the mac2ok file something like
*:bad
so that everything will be 'bad' but ok will be overwritten by 'good'?

Norbert
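
An added example, not part of the original post or of FreeRADIUS itself: a small linter for the mac2ok file described in the quoted reply, flagging entries that would never yield My-Local-String = "ok". It assumes the passwd lookup matches the key as an exact string and that the NAS sends Calling-Station-Id as 12 bare lowercase hex digits; `lint` and `is_allowed` are hypothetical names and the sample lines are constructed.

```python
import re

# Constructed sample in the "MAC:value" layout the post shows for mac2ok.
SAMPLE = """\
008012323244:ok
00-29-38-47-54-73:ok
008012323244:ok
0029384754:ok
00aabbccddee:OK
no-separator-here
"""

BARE_MAC = re.compile(r"[0-9a-f]{12}")

def lint(text):
    """Return (allowed, problems) for mac2ok-style text.

    allowed holds only keys that are 12 lowercase hex digits with value "ok".
    """
    allowed, problems = set(), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.rpartition(":")  # the MAC itself may contain ':'
        if not sep:
            problems.append((n, "no ':' separator"))
            continue
        bare = re.sub(r"[-:.]", "", key).lower()
        if not BARE_MAC.fullmatch(bare):
            problems.append((n, "key is not a 12-hex-digit MAC"))
        elif key != bare:
            problems.append((n, f"key not in bare form, expected {bare}"))
        elif value != "ok":
            problems.append((n, f'value {value!r} fails the != "ok" check'))
        elif key in allowed:
            problems.append((n, "duplicate entry"))
        else:
            allowed.add(key)
    return allowed, problems

def is_allowed(calling_station_id, allowed):
    """Default deny: anything not explicitly listed as ok is refused."""
    return calling_station_id in allowed

if __name__ == "__main__":
    allowed, problems = lint(SAMPLE)
    for n, msg in problems:
        print(f"line {n}: {msg}")
    print(sorted(allowed))
```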



