It's the section for the sites/default file that makes mac auth work. Honestly, I'm new at this. I used the stock policy that came with the Debian package, and just tacked on the rewrite station ID at the end, before the last "}"<br>
<br>If I were you, I'd start from scratch, and follow the wiki page, it should be correct now. I just got lucky in noticing typos.<br><br>-Joren<br><br><br><div class="gmail_quote">On Mon, Apr 11, 2011 at 4:09 AM, syharash <span dir="ltr">&lt;<a href="mailto:syharash@yahoo.com">syharash@yahoo.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Joren,<br>
<br>
This is how my policy looks, could you please let me know what changes I<br>
need to make, to make the mac-authentication work;<br>
<br>
policy {<br>
        #<br>
        # Rewrite called station id attribute into a standard format.<br>
        #<br>
        rewrite_calling_station_id {<br>
                if(request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){<br>
                        update request {<br>
                                Calling-Station-Id := "%{1}-%{2}-%{3}-%{4}-%{5}-%{6}"<br>
                        }<br>
                }<br>
                else {<br>
                        noop<br>
                }<br>
        }<br>
        #<br>
        #       Forbid all EAP types.<br>
        #<br>
        forbid_eap {<br>
                if (EAP-Message) {<br>
                        reject<br>
                }<br>
        }<br>
<br>
        #<br>
        #       Forbid all non-EAP types outside of an EAP tunnel.<br>
        #<br>
        permit_only_eap {<br>
                if (!EAP-Message) {<br>
                        #  We MAY be inside of a TTLS tunnel.<br>
                        #  PEAP and EAP-FAST require EAP inside of<br>
                        #  the tunnel, so this check is OK.<br>
                        #  If so, then there MUST be an outer EAP message.<br>
                        if (!"%{outer.request:EAP-Message}") {<br>
                                reject<br>
                        }<br>
                }<br>
        }<br>
<br>
        #<br>
<br>
Also my /etc/raddb/users file looks like this;<br>
<br>
DEFAULT<br>
                Tunnel-Type = VLAN,<br>
                Tunnel-Medium-Type = IEEE-802,<br>
                Service-Type = Framed-User,<br>
                Fall-Through = Yes<br>
<br>
00-1F-3C-D1-2B-6C<br>
                        User-Name = "subhash",<br>
                        Cleartext-Password = "sub@1979",<br>
                        Tunnel-Private-Group-ID = "17"<br>
<font color="#888888"><br>
<br>
--<br>
View this message in context: <a href="http://freeradius.1045715.n5.nabble.com/Mac-Authorization-tp4287256p4295664.html" target="_blank">http://freeradius.1045715.n5.nabble.com/Mac-Authorization-tp4287256p4295664.html</a><br>

Sent from the FreeRadius - User mailing list archive at Nabble.com.<br>
</font><div><div></div><div class="h5">
</div></div></blockquote></div><br>
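An added example, not part of the original thread: a Python model of the `rewrite_calling_station_id` policy quoted above, run over constructed Calling-Station-Id samples to show which ones end up equal to the `00-1F-3C-D1-2B-6C` entry from the users file. It assumes the lookup is an exact, case-sensitive string comparison; the function names and sample values are hypothetical.

```python
import re

# Same pattern as rewrite_calling_station_id in the quoted policy. The /i flag
# becomes re.IGNORECASE, and like unlang's =~ the match is unanchored.
MAC_RE = re.compile(
    r"([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})"
    r"[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})",
    re.IGNORECASE,
)

# Entry name taken from the quoted users file.
USERS_ENTRY = "00-1F-3C-D1-2B-6C"

# Constructed samples: formats a NAS might send for the same adapter.
SAMPLES = [
    "00-1F-3C-D1-2B-6C",   # already in the target format
    "001F3CD12B6C",        # no separators
    "00:1f:3c:d1:2b:6c",   # colon separated, lower case
    "001f.3cd1.2b6c",      # dotted triplets
]


def rewrite_calling_station_id(value):
    """Return the value the policy would leave in Calling-Station-Id."""
    m = MAC_RE.search(value)
    if m is None:
        return value                 # the policy's else branch: noop
    return "-".join(m.groups())      # "%{1}-%{2}-%{3}-%{4}-%{5}-%{6}"


def matches_entry(value, entry=USERS_ENTRY):
    # Assumption: the lookup compares strings exactly, including case.
    return rewrite_calling_station_id(value) == entry


def report():
    """Map each sample to (rewritten value, whether it equals the entry)."""
    return {s: (rewrite_calling_station_id(s), matches_entry(s)) for s in SAMPLES}


if __name__ == "__main__":
    for raw, (rewritten, ok) in report().items():
        print(f"{raw:20} -> {rewritten:20} match={ok}")
```

The rewrite only changes separators: the captured hex digits keep the case the NAS sent, and a dotted value falls through to `noop` unchanged, so both compare unequal to an upper-case, dash-separated entry.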