
It's the section for the sites/default file that makes mac auth work. Honestly, I'm new at this. I used the stock pollicy that came with the Debian package, and just tacked on the the rewrite station ID at the end, before the last "}"<br>

<br>If I where you, I'd start from scratch, and follow the wiki page, it should be correct now. I just got lucky in noticing typos.<br><br>-Joren<br><br><br><div class="gmail_quote">On Mon, Apr 11, 2011 at 4:09 AM, syharash <span dir="ltr"><<a href="mailto:syharash@yahoo.com">syharash@yahoo.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Joren,<br>

<br>

This is how my policy looks, could you please let me know what changes do i<br>

need to make, to make the mac-authentication work;<br>

<br>

policy {<br>

        #<br>

        # Rewrite called station id attribute into a standard format.<br>

        #<br>

        rewrite_calling_station_id {<br>

                if(request:Calling-Station-Id =~<br>

/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){<br>

                        update request {<br>

                                Calling-Station-Id :=<br>

"%{1}-%{2}-%{3}-%{4}-%{5}-%{6}"<br>

                        }<br>

                }<br>

                else {<br>

                        noop<br>

                }<br>

        }<br>

        #<br>

        #       Forbid all EAP types.<br>

        #<br>

        forbid_eap {<br>

                if (EAP-Message) {<br>

                        reject<br>

                }<br>

        }<br>

<br>

        #<br>

        #       Forbid all non-EAP types outside of an EAP tunnel.<br>

        #<br>

        permit_only_eap {<br>

                if (!EAP-Message) {<br>

                        #  We MAY be inside of a TTLS tunnel.<br>

                        #  PEAP and EAP-FAST require EAP inside of<br>

                        #  the tunnel, so this check is OK.<br>

                        #  If so, then there MUST be an outer EAP message.<br>

                        if (!"%{outer.request:EAP-Message}") {<br>

                                reject<br>

                        }<br>

                }<br>

        }<br>

<br>

        #<br>

<br>

also my /etc/raddb/users file looks like this;<br>

<br>

DEFAULT<br>

                Tunnel-Type = VLAN,<br>

                Tunnel-Medium-Type = IEEE-802,<br>

                Service-Type = Framed-User,<br>

                Fall-Through = Yes<br>

<br>

00-1F-3C-D1-2B-6C<br>

                        User-Name = "subhash",<br>

                        Cleartext-Password = "sub@1979",<br>

                        Tunnel-Private-Group-ID = "17"<br>

<font color="#888888"><br>

<br>

--<br>

View this message in context: <a href="http://freeradius.1045715.n5.nabble.com/Mac-Authorization-tp4287256p4295664.html" target="_blank">http://freeradius.1045715.n5.nabble.com/Mac-Authorization-tp4287256p4295664.html</a><br>


Sent from the FreeRadius - User mailing list archive at Nabble.com.<br>

</font><div><div></div><div class="h5">-<br>

List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>

</div></div></blockquote></div><br>