Mac based auth
jonr at destar.net
Tue Nov 28 21:31:59 CET 2006
> > Could I also do:
> >
> > bob password = "neil", Calling-Station-Id != "0001....", Auth-Type := Reject
> >
> > So that both pieces of information have to be present to be authenticated?
>
> No, that would always reject the user. You could do this:
>
> bob Calling-Station-Id != "0001....", Auth-Type := Reject
>
> bob User-Password := "neil"
Well that's too easy. :)
> Can you instead use rlm_checkval like this:
>
> modules {
>   passwd user2allowedmacs {
>     filename = /etc/raddb/user2allowedmacs
>     format = "*User-Name:Calling-Station-Id"
>     hashsize = 100
>     allowmultiplekeys = yes
>   }
>   checkval usermacs {
>     item-name = Calling-Station-Id
>     check-name = Calling-Station-Id
>     data-type = string
>     notfound-reject = yes
>   }
> }
Which file would the above be placed in and does it need to be placed in a
certain area of the file or can it just be added to the bottom of the file? And
when I see 'rlm_' I think realm which makes me think ldap or kerberos, neither
of which I am using, will this be a problem?
> authorize {
>   preprocess
>   user2allowedmacs
>   usermacs
>   # other stuff
> }
So whatever I name my module I will have to add to the authorize stanza in the
radius.conf file, correct?
> /etc/raddb/user2allowedmacs:
>
> user1:001122334455
> user1:aabbccddeeff
> user2:0123456789ab
>
> ...I think that ought to work?
Thanks for the info, this is gold!
Jon
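
An added example, not part of the original post and not FreeRADIUS code: a Python check of a user2allowedmacs file against the Calling-Station-Id values a NAS might send. It assumes the comparison is a plain string match (the thread's data-type = string) and that a NAS may send MACs with separators or in upper case; the function names and sample entries are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's "*User-Name:Calling-Station-Id" format.
SAMPLE_FILE = """\
user1:001122334455
user1:aabbccddeeff
user2:0123456789ab
user3:0011223344zz
"""

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC."""
    digits = re.sub(r"[-:.]", "", value.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def load_allowed(text):
    """Parse user:mac lines into (user -> list of raw MACs, malformed lines)."""
    allowed, bad = defaultdict(list), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        user, sep, mac = line.partition(":")
        if not sep or not user or normalize_mac(mac) is None:
            bad.append((lineno, line))
        else:
            allowed[user].append(mac)
    return allowed, bad

def check(allowed, user, calling_station_id):
    """Compare the value a NAS sent against the user's listed MACs.

    Returns (exact, normalized): whether a plain string comparison matches,
    and whether the same MAC is listed once separators and case are ignored.
    """
    listed = allowed.get(user, [])
    sent = normalize_mac(calling_station_id)
    exact = calling_station_id in listed
    normalized = sent is not None and sent in {normalize_mac(m) for m in listed}
    return exact, normalized

if __name__ == "__main__":
    allowed, bad = load_allowed(SAMPLE_FILE)
    print("malformed entries:", bad)
    for user, csid in [("user1", "001122334455"), ("user1", "00-11-22-33-44-55"),
                       ("user2", "001122334455"), ("bob", "001122334455")]:
        print(user, csid, check(allowed, user, csid))
```

A result of (False, True) marks a MAC that is listed for the user but written differently from what the NAS sends, so the file entries should use the NAS's exact format.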