convert mac adresses to lower case
Leander S.
info at netocean.de
Mon Sep 20 16:44:13 CEST 2010
Am 20.09.10 15:51, schrieb Alexander Clouter:
> PENZ Robert<ROBERT.PENZ at tirol.gv.at> wrote:
>> and I've different switch types. Some send the MAC address lower case
>> the others upper case. For switches which send it lower it case it
>> works (as the macs are stored lower case in the db). How can I convert
>> them all in the clear text password attribute to lower case? The
>> attr_rewrite module looks good, but the only way I see is to have 6
>> rewrite rules each replacing one letter, but that seems inefficient.
>> The matching in the SQL Database works case insensitive and returns a
>> row but the pap check logs following:
>>
> Do the mac-auth via unlang and not PAP.
> ----
> policy {
> ...
>
> mac_auth {
> if (Realm == NULL&& !(EAP-Message)&& NAS-Port-Type == Ethernet \
> && Service-Type == Call-Check \
> && User-Name == "%{User-Password}" \
> && User-Name =~ /^[0-9a-f]{12}$/i \
> && Calling-Station-Id =~ /^([0-9a-f]{2})-([0-9a-f]{2})-([0-9a-f]{2})-([0-9a-f]{2})-([0-9a-f]{2})-([0-9a-f]{2})$/i \
> && User-Name =~ /^%{1}%{2}%{3}%{4}%{5}%{6}$/i) {
> ok
> }
> else {
> noop
> }
> }
>
> ...
> }
>
> authorize {
> ...
>
> mac_auth
> if (ok) {
> update control {
> Auth-Type := Accept
> }
>
> # 'handled' does not work here
> ok = return
> }
>
> ...
> }
> ----
>
> You might need to tweak the policy{} rule to meet your local needs; the
> above is what I use for our Cisco switches. You could tweak the above
> so that 'mac_auth' sets 'Cleartext-Password = "%{User-Password}"' but
> I personally cannot see the reason to bother when you can just skip
> authenticate{} completely.
>
> If you really do need to lowercase something, the only way to do it
> really is to use 'exec' and call 'tr A-F a-f', nasty but it works.
>
> Cheers
>
If your using SQL then I would simply modify the SQL querry to INSERT
everything in lower case only PLUS to SELECT everything in lowercase
only. You can simply modify those querries afaik. I just figured that as
well and it made my live WAY easier - but I used it for my MailServer
configuration - and it works perfect - no matter whether its PostgreSQL
(which I'm using), or MySQL ... even others such as Oracle, etc. offer
those functions.
More information about the Freeradius-Users
mailing list