Active Directory and Calling-Station-Id

Ethariel ethariel at gmail.com
Tue Jun 13 10:11:40 CEST 2017


Hello to all again,

As said, all is working for checking multiple MAC addresses using the "users" file.

Now I'm trying to use SQL and I can't figure out how to "convert" the "users"
file to an SQL table.

I've read https://wiki.freeradius.org/modules/Rlm_sql and with one MAC
address it's OK with:

customer1 Calling-Station-Id == "BB-BB-BB-BB-BB-BB" in radcheck table
customer1 wifi 1 in radusergroup
wifi Auth-Type := reject in radgroupcheck
read_groups directive set to "no"

If customer1 is connecting with the correct MAC address, as there
is no Fall-Through, the Group processing doesn't apply.
If customer1 is connecting with another MAC, then the user is found,
the check item does not match, so Group processing applies.

But with two MAC addresses:
customer1 Calling-Station-Id == "BB-BB-BB-BB-BB-BB" in radcheck table
customer1 Calling-Station-Id == "AA-AA-AA-AA-AA-AA" in radcheck table
Group processing always applies, as one of the two lines above does not
correspond to the current connection.

How can I do this?

Thanks a lot for your help

Ethariel

2017-02-22 12:37 GMT+01:00 Brian Candler <b.candler at pobox.com>:
> If you want to allow multiple MAC addresses then you could either do a regex
> match, or you could split the logic like this:
> customer2  Calling-Station-Id == "BB-BB-BB-BB-BB-BB"
>
> customer2  Calling-Station-Id == "CC-CC-CC-CC-CC-CC"
>
> customer2  Auth-Type := Reject
>            Reply-Message := "Wrong MAC Address"
>
> The first two entries make no updates to either control or reply lists.
> However since they don't have "Fall-Through := 1" then all subsequent
> entries for the same username are skipped.
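
The difference described in this thread, as an added example that is not part of the original messages: a simplified Python model (not FreeRADIUS code) of why two `==` rows in radcheck can never both match, while ordered "users" file entries can, and how a single regex row (the "regex match" mentioned in the quoted reply) covers both MACs. The function names and the model are assumptions; the sample rows are constructed from the values in the post, and the `=~` row assumes the regex operator is used in the radcheck `op` column.

```python
import re

# Constructed rows in radcheck shape: (username, attribute, op, value)
TWO_EQ_ROWS = [
    ("customer1", "Calling-Station-Id", "==", "BB-BB-BB-BB-BB-BB"),
    ("customer1", "Calling-Station-Id", "==", "AA-AA-AA-AA-AA-AA"),
]
ONE_REGEX_ROW = [
    ("customer1", "Calling-Station-Id", "=~",
     "^(AA-AA-AA-AA-AA-AA|BB-BB-BB-BB-BB-BB)$"),
]

def item_matches(op, value, request_value):
    """Compare one check item against the attribute value in the request."""
    if request_value is None:
        return False
    if op == "==":
        return request_value == value
    if op == "=~":
        return re.search(value, request_value) is not None
    raise ValueError("operator not modelled: " + op)

def radcheck_matches(rows, request):
    """Model of radcheck: every check row for the user must match (AND)."""
    mine = [r for r in rows if r[0] == request["User-Name"]]
    return bool(mine) and all(
        item_matches(op, val, request.get(attr)) for _, attr, op, val in mine)

def users_file_matches(entries, request):
    """Model of the users file: entries are tried in order, and the first
    match without Fall-Through stops processing for that username."""
    return any(
        name == request["User-Name"]
        and item_matches(op, val, request.get(attr))
        for name, attr, op, val in entries)

def req(mac):
    return {"User-Name": "customer1", "Calling-Station-Id": mac}

if __name__ == "__main__":
    for mac in ("AA-AA-AA-AA-AA-AA", "BB-BB-BB-BB-BB-BB", "CC-CC-CC-CC-CC-CC"):
        print(mac,
              "users:", users_file_matches(TWO_EQ_ROWS, req(mac)),
              "radcheck ==,==:", radcheck_matches(TWO_EQ_ROWS, req(mac)),
              "radcheck =~:", radcheck_matches(ONE_REGEX_ROW, req(mac)))
```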

