Active Directory and Calling-Station-Id

Ethariel ethariel at gmail.com
Tue Jun 13 11:05:53 CEST 2017


Ok,

I've found using another syntax :
in radcheck table :
customer1 Calling-Station-Id =~ AA-AA-AA-AA-AA-AA|BB-BB-BB-BB-BB-BB

Have a good day


2017-06-13 10:11 GMT+02:00 Ethariel <ethariel at gmail.com>:
> Hello to all again,
>
> as said all is working for checking multiple MAC addresses using "users" file.
>
> Now I'm trying to use SQL and I don't figure how to "convert" "users"
> file to sql table.
>
> I've read https://wiki.freeradius.org/modules/Rlm_sql and with one MAC
> address it's ok with :
>
> customer1 Calling-Station-Id == "BB-BB-BB-BB-BB-BB" in radcheck table
> customer1 wifi 1 in radusergroup
> wifi Auth-Type := reject in radgroupcheck
> read_groups directive set to "no"
>
> If the customer1 is connecting with the correct MAC address as there
> is no Fall-Through, the Group processing doesn't apply.
> If the customer1 is connecting with another MAC, then user is found,
> check item do not match so Group processing applies.
>
> But with two MAC addresses :
> customer1 Calling-Station-Id == "BB-BB-BB-BB-BB-BB" in radcheck table
> customer1 Calling-Station-Id == "AA-AA-AA-AA-AA-AA" in radcheck table
> Group processing always applies as one of the two lines above is not
> corresponding to the current connection.
>
> How can I do ?
>
> Thks a lot for your help
>
> Ethariel
>
> 2017-02-22 12:37 GMT+01:00 Brian Candler <b.candler at pobox.com>:
>> If you want to allow multiple MAC addresses then you could either do a regex
>> match, or you could split the logic like this:
>> customer2  Calling-Station-Id == "BB-BB-BB-BB-BB-BB"
>>
>> customer2  Calling-Station-Id == "CC-CC-CC-CC-CC-CC"
>>
>> customer2  Auth-Type := Reject
>>            Reply-Message := "Wrong MAC Address"
>>
>> The first two entries make no updates to either control or reply lists.
>> However since they don't have "Fall-Through := 1" then all subsequent
>> entries for the same username are skipped.


More information about the Freeradius-Users mailing list