Mac Authorization

Joren Love jlove at ecotrust.org
Sat Apr 16 20:17:54 CEST 2011


It's the section for the sites/default file that makes mac auth work.
Honestly, I'm new at this. I used the stock policy that came with the
Debian package, and just tacked on the rewrite station ID at the end,
before the last "}"

If I were you, I'd start from scratch and follow the wiki page; it should
be correct now. I just got lucky in noticing typos.

-Joren


On Mon, Apr 11, 2011 at 4:09 AM, syharash <syharash at yahoo.com> wrote:

> Joren,
>
> This is how my policy looks. Could you please let me know what changes I
> need to make to make the mac-authentication work:
>
> policy {
>        #
>        # Rewrite called station id attribute into a standard format.
>        #
>        rewrite_calling_station_id {
>                if(request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){
>                        update request {
>                                Calling-Station-Id := "%{1}-%{2}-%{3}-%{4}-%{5}-%{6}"
>                        }
>                }
>                else {
>                        noop
>                }
>        }
>        #
>        #       Forbid all EAP types.
>        #
>        forbid_eap {
>                if (EAP-Message) {
>                        reject
>                }
>        }
>
>        #
>        #       Forbid all non-EAP types outside of an EAP tunnel.
>        #
>        permit_only_eap {
>                if (!EAP-Message) {
>                        #  We MAY be inside of a TTLS tunnel.
>                        #  PEAP and EAP-FAST require EAP inside of
>                        #  the tunnel, so this check is OK.
>                        #  If so, then there MUST be an outer EAP message.
>                        if (!"%{outer.request:EAP-Message}") {
>                                reject
>                        }
>                }
>        }
>
>        #
>
> Also, my /etc/raddb/users file looks like this:
>
> DEFAULT
>                Tunnel-Type = VLAN,
>                Tunnel-Medium-Type = IEEE-802,
>                Service-Type = Framed-User,
>                Fall-Through = Yes
>
> 00-1F-3C-D1-2B-6C
>                        User-Name = "subhash",
>                        Cleartext-Password = "sub at 1979",
>                        Tunnel-Private-Group-ID = "17"
>
>
>
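
Added example, not part of the original message and not FreeRADIUS code: a Python model of the quoted rewrite_calling_station_id policy, showing what the regex does to different Calling-Station-Id formats before the value is looked up. Assumptions: the lookup is modelled as an exact, case-sensitive string comparison against the entry name from the quoted users file, the sample values are constructed, and strict_normalize is a hypothetical stricter variant.

```python
import re

# Same pattern as the quoted policy: six hex pairs, optional '-' or ':'
# between them, case-insensitive and unanchored.
MAC_RE = re.compile(
    r"([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?"
    r"([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})",
    re.IGNORECASE,
)

USERS_KEY = "00-1F-3C-D1-2B-6C"  # entry name from the quoted users file


def rewrite_calling_station_id(value):
    """Model of the policy: on match, join the six captures with '-'; else noop."""
    m = MAC_RE.search(value)  # unanchored, like =~ without ^ and $
    if m is None:
        return value          # the policy's "noop" branch
    return "-".join(m.groups())  # captures keep the case the NAS sent


def strict_normalize(value):
    """Hypothetical stricter variant: whole value must be a MAC, output upper-case."""
    m = MAC_RE.fullmatch(value.strip())
    if m is None:
        return None
    return "-".join(m.groups()).upper()


def lookup(value, normalizer):
    """Exact, case-sensitive comparison with the users entry (modelling assumption)."""
    return normalizer(value) == USERS_KEY


# Constructed Calling-Station-Id values in formats a NAS might send.
SAMPLES = [
    "00-1F-3C-D1-2B-6C",   # already in the users-file format
    "00:1f:3c:d1:2b:6c",   # colon-separated, lower-case
    "001f3cd12b6c",        # no separators
    "001F.3CD1.2B6C",      # dotted: '.' is not in [-:], so no rewrite
    "port7/001f3cd12b6c",  # MAC embedded in other text still matches
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:24} policy={rewrite_calling_station_id(s)!r:24} "
              f"policy_hit={lookup(s, rewrite_calling_station_id)} "
              f"strict_hit={lookup(s, strict_normalize)}")
```

Running it shows that the policy fixes separators but not letter case, leaves dotted values untouched, and accepts a MAC surrounded by other text, so the format of the entries in the users file has to match what the rewrite actually produces.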