Greetings,

 

I hope you all had a wonderful Christmas holidays!

 

So I continued my work this morning. It looks like it can authenticate the devices (with the certain MAC address pattern) however from the Radius –X output (which I attached here) it doesn’t seem to authenticate it the way I want it.

 

Let me repeat my logic here: if the MAC addresses match the pattern, use the User-Name (or Calling-station-ID, since I “rewrite” it to be the same as the User-name) and the password (which is made to be the same as the User-name as well) to authenticate the device.

 

However it looks like my “if” conditions are all matched during the process however they all returned “noop” instead of updating the information I wanted it to.

 

Here are the configurations I made in the policy.conf and /sites-avaliable/default files

 

Policy.conf:

 

policy {

        …

        rewrite_calling_station_id {

                if(request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) {

                        update request {

                                Calling-Station-Id := "00a008%{1}%{2}%{3}"

                        }

                }

                else {

                        noop

                }

        }

}      

 

 

Default:

 

authorize {

            …

rewrite_calling_station_id

if((Service-Type == 'Call-Check') && (User-Name =~ /^%{Calling-Station-ID}$/i)){

                  update control {

                        Auth-Type = 'Auth-NHSTB'

                  }

    }

}

 

authenticate {

                  …

                  Auth-Type Auth-NHSTB {

                  if(Chap-Password){

                        update control {

                                Cleartext-Password := "%{User-Name}"

                        }

                        chap

                  }

                  else{

                              ok

                  }

             }

}

 

It seems to me that the last “ok” authenticated the device, instead of using “chap” and the “Cleartext-Password” that I assigned. Any ideas? Thank you!

 

Guest-tek, Difan Zhao

difan.zhao@guest-tek.com

www.guest-tek.com

Office: 403-509-1010 ext 3048

Cell: 403-689-7514