MAC Address Validation for phones

Matthieu Lazaro matthieu.lazaro at eservglobal.com
Mon Sep 7 17:22:27 CEST 2009


Hello list,

I need some help on some unlang portion (if this is the right solution).

Here is the context: I need to do 802.1x on an Ethernet switch for dynamic VLAN
assignment for PCs.
The problem is I have some phones connected between the PC and the switch.
I don't want the users to login 802.1X with the phones so I have set
them up to do MAC address user name and password without annoying the
user over CHAP.
Using users files works perfectly for my phones, as the ldap back end is
for PC users.

However, I have 300 phones that can be replaced if they are broken and I
don't want to store all the info by hand in the users file.

I tried to put this in the users file:

if     ( "%{User-Name}" =~ "00030BCA[0-9A-F]+" ) {
                 "%{Cleartext-Password}" == "%{User-Name}"
                }

But it doesn't work because CHAP cannot find the user and his clear text
password.

So I guess I have put it in the wrong section AND/OR have done something
wrong with my if but I can't find a way of checking as radius seems not
to bother about it.
I also tried to put it in the authentication section without success.
I have read this http://wiki.freeradius.org/Mac-Auth but it seems too
advanced for what I want to do as I don't need to rewrite anything. This
guided me to try and put the script somewhere else.

Thanks for your precious help.

Best Regards,

Matt
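
One way to express the rule the message describes, as an added example that is not part of the original post or of FreeRADIUS's shipped configuration. unlang is processed in the virtual server sections rather than in the users file, so the check goes in authorize, where it puts the password in the control list before CHAP runs. The FreeRADIUS 2.x syntax and the sites-available/default location are assumptions.

```unlang
# Added example, assumed to live in raddb/sites-available/default (FreeRADIUS 2.x).
authorize {
    preprocess

    # Sets Auth-Type := CHAP when the request carries a CHAP-Password.
    chap

    # Phones log in with their bare MAC address as User-Name.
    # The pattern is anchored at both ends and requires exactly 12 hex
    # digits, so a longer name that merely contains the vendor prefix
    # from the post (00030BCA) does not match.
    if ("%{User-Name}" =~ /^00030BCA[0-9A-F][0-9A-F][0-9A-F][0-9A-F]$/i) {
        update control {
            # CHAP can only be verified against a cleartext password,
            # and the server looks for it in the control list.
            Cleartext-Password := "%{User-Name}"
        }
    }

    # The existing modules for PC users (files, ldap) follow here unchanged.
    files
    ldap
}

authenticate {
    # The chap module recomputes the response from Cleartext-Password
    # and compares it with the CHAP-Password in the request.
    Auth-Type CHAP {
        chap
    }
}
```

Running the server with `radiusd -X` shows whether the condition matched and whether Cleartext-Password was added. Because the password is derived from the user name, any client that presents a 12-digit name with this prefix is accepted, so the reply for these sessions should grant only what a phone needs.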


