<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 77.95pt 1.0in 77.95pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I apologize for the previous spam! I kind of figured out my
problem. Then I tried to fix it and now I have a new problem!!<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>So I want to authenticate devices when both User-Name and User-Password
are the same and are both the MAC of the device. My <b><font color=blue><span
style='color:blue;font-weight:bold'>default</span></font></b> files look like:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>authorize {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
…<o:p></o:p></span></font></p>
<p class=MsoPlainText style='margin-left:.5in;text-indent:.5in'><font size=2
color=red face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:red'>if((Service-Type == 'Call-Check') && (User-Name =~
/^%{Calling-Station-ID}$/i)){<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
update
control {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
Auth-Type
= 'Auth-NHSTB'<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoPlainText style='text-indent:.5in'><font size=2 color=red
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>…<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=red face="Times New Roman"><span
style='font-size:12.0pt;color:red'>authenticate {</span></font><font size=2
color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
Auth-Type Auth-NHSTB {<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
if</span></font><font size=2 color=blue face=Arial><span style='font-size:10.0pt;
font-family:Arial;color:blue'>(%{request:User-Password} == %{request:User-Name}</span></font><font
size=2 color=red face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:red'>) {<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
ok<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
else{<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>However when I try to run Radius I keep getting this error:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>Expected regular expression at:
request:User-Password)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>/etc/raddb/sites-enabled/default[308]:
Failed to parse "if" subsection.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'>Errors initializing modules<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=red face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:red'><o:p> </o:p></span></font></p>
<div>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>I also tried I lot other syntax and different operators as well but the
error is still there… What is the right syntax?? Thank you!<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Guest-tek, <st1:PersonName w:st="on">Difan Zhao</st1:PersonName><o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>difan.zhao@guest-tek.com<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>www.guest-tek.com<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Office: 403-509-1010 ext 3048<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Cell: 403-689-7514<o:p></o:p></span></font></p>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
freeradius-users-bounces+difan.zhao=guest-tek.com@lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek.com@lists.freeradius.org]
<b><span style='font-weight:bold'>On Behalf Of </span></b><st1:PersonName
w:st="on">Difan Zhao</st1:PersonName><br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, December 29, 2009
11:09 AM<br>
<b><span style='font-weight:bold'>To:</span></b> <st1:PersonName w:st="on">FreeRadius
users mailing list</st1:PersonName><br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: MAC authentication
bypass --- How amIsupposedto?edit?theusersfile to include multiple MAC
addresses??</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Greetings,<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>I hope you all had a wonderful Christmas holidays!<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>So I continued my work this morning. It looks like it can authenticate
the devices (<font color=red><span style='color:red'>with the certain MAC
address pattern</span></font>) however from the Radius –X output (which I
attached here) it doesn’t seem to authenticate it the way I want it.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Let me repeat my logic here: if the MAC addresses match the pattern,
use the <b><font color=blue><span style='color:blue;font-weight:bold'>User-Name</span></font></b>
(or <b><font color=blue><span style='color:blue;font-weight:bold'>Calling-station-ID</span></font></b>,
since I <b><font color=blue><span style='color:blue;font-weight:bold'>“rewrite”</span></font></b>
it to be the same as the User-name) and the password (<font color=red><span
style='color:red'>which is made to be the same as the User-name as well)</span></font>
to authenticate the device.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>However it looks like my <b><font color=blue><span style='color:blue;
font-weight:bold'>“if”</span></font></b> conditions are all matched
during the process however they all returned <b><font color=blue><span
style='color:blue;font-weight:bold'>“noop”</span></font></b>
instead of <b><font color=blue><span style='color:blue;font-weight:bold'>updating</span></font></b>
the information I wanted it to.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Here are the <b><font color=blue><span style='color:blue;font-weight:
bold'>configurations</span></font></b> I made in the <b><font color=blue><span
style='color:blue;font-weight:bold'>policy.conf</span></font></b> and <b><font
color=blue><span style='color:blue;font-weight:bold'>/sites-avaliable/default</span></font></b>
files<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'>Policy.conf:<o:p></o:p></span></font></b></p>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'><o:p> </o:p></span></font></b></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>policy {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
…<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
rewrite_calling_station_id {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
if(request:Calling-Station-Id =~
/00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
update request {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
Calling-Station-Id := "00a008%{1}%{2}%{3}"<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
else {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
noop<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'> }<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>}</span></font>
<o:p></o:p></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'>Default:<o:p></o:p></span></font></b></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>authorize {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
…<o:p></o:p></span></font></p>
<p class=MsoPlainText style='margin-left:.5in;text-indent:.5in'><font size=2
color=red face="Courier New"><span style='font-size:10.0pt;color:red'>rewrite_calling_station_id<o:p></o:p></span></font></p>
<p class=MsoPlainText style='margin-left:.5in;text-indent:.5in'><font size=2
color=red face="Courier New"><span style='font-size:10.0pt;color:red'>if((Service-Type
== 'Call-Check') && (User-Name =~ /^%{Calling-Station-ID}$/i)){<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
update control {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
Auth-Type = 'Auth-NHSTB'<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoPlainText style='text-indent:.5in'><font size=2 color=red
face="Courier New"><span style='font-size:10.0pt;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>}<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>authenticate {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
…<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
Auth-Type Auth-NHSTB {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
if(Chap-Password){<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
update control {<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
Cleartext-Password := "%{User-Name}"<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
chap<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
else{<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
</span></font><b><font color=blue><span
style='color:blue;font-weight:bold'>ok<o:p></o:p></span></font></b></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>
}<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=red face="Courier New"><span
style='font-size:10.0pt;color:red'>}<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>It seems to me that the last <b><font color=blue><span
style='color:blue;font-weight:bold'>“ok”</span></font></b>
authenticated the device, instead of using <b><font color=blue><span
style='color:blue;font-weight:bold'>“chap”</span></font></b> and
the <b><font color=blue><span style='color:blue;font-weight:bold'>“Cleartext-Password”</span></font></b>
that I assigned. Any ideas? Thank you!<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Guest-tek, <st1:PersonName w:st="on">Difan Zhao</st1:PersonName><o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>difan.zhao@guest-tek.com<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>www.guest-tek.com<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Office: 403-509-1010 ext 3048<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Cell: 403-689-7514<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>