I apologize for the previous spam! I kind of figured out my
problem. Then I tried to fix it and now I have a new problem!!
So I want to authenticate devices when both User-Name and User-Password
are the same and are both the MAC of the device. My default files look like:
authorize {
…
if((Service-Type == 'Call-Check') && (User-Name =~
/^%{Calling-Station-ID}$/i)){
update
control {
Auth-Type
= 'Auth-NHSTB'
}
}
}
…
authenticate {
Auth-Type Auth-NHSTB {
if(%{request:User-Password} == %{request:User-Name}) {
ok
}
else{
noop
}
}
}
However when I try to run Radius I keep getting this error:
Expected regular expression at:
request:User-Password)
/etc/raddb/sites-enabled/default[308]:
Failed to parse "if" subsection.
Errors initializing modules
I also tried I lot other syntax and different operators as well but the
error is still there… What is the right syntax?? Thank you!
Guest-tek,
difan.zhao@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
From:
freeradius-users-bounces+difan.zhao=guest-tek.com@lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek.com@lists.freeradius.org]
On Behalf Of
Sent: Tuesday, December 29, 2009
11:09 AM
To:
Subject: RE: MAC authentication
bypass --- How amIsupposedto?edit?theusersfile to include multiple MAC
addresses??
Greetings,
I hope you all had a wonderful Christmas holidays!
So I continued my work this morning. It looks like it can authenticate
the devices (with the certain MAC
address pattern) however from the Radius –X output (which I
attached here) it doesn’t seem to authenticate it the way I want it.
Let me repeat my logic here: if the MAC addresses match the pattern,
use the User-Name
(or Calling-station-ID,
since I “rewrite”
it to be the same as the User-name) and the password (which is made to be the same as the User-name as well)
to authenticate the device.
However it looks like my “if” conditions are all matched
during the process however they all returned “noop”
instead of updating
the information I wanted it to.
Here are the configurations I made in the policy.conf and /sites-avaliable/default
files
Policy.conf:
policy {
…
rewrite_calling_station_id {
if(request:Calling-Station-Id =~
/00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) {
update request {
Calling-Station-Id := "00a008%{1}%{2}%{3}"
}
}
else {
noop
}
}
}
Default:
authorize {
…
rewrite_calling_station_id
if((Service-Type
== 'Call-Check') && (User-Name =~ /^%{Calling-Station-ID}$/i)){
update control {
Auth-Type = 'Auth-NHSTB'
}
}
}
authenticate {
…
Auth-Type Auth-NHSTB {
if(Chap-Password){
update control {
Cleartext-Password := "%{User-Name}"
}
chap
}
else{
ok
}
}
}
It seems to me that the last “ok”
authenticated the device, instead of using “chap” and
the “Cleartext-Password”
that I assigned. Any ideas? Thank you!
Guest-tek,
difan.zhao@guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514