It's the section for the sites/default file that makes mac auth work. Honestly, I'm new at this. I used the stock pollicy that came with the Debian package, and just tacked on the the rewrite station ID at the end, before the last "}"
If I where you, I'd start from scratch, and follow the wiki page, it should be correct now. I just got lucky in noticing typos.
-Joren
Joren,
This is how my policy looks, could you please let me know what changes do i
need to make, to make the mac-authentication work;
policy {
#
# Rewrite called station id attribute into a standard format.
#
rewrite_calling_station_id {
if(request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){
update request {
Calling-Station-Id :=
"%{1}-%{2}-%{3}-%{4}-%{5}-%{6}"
}
}
else {
noop
}
}
#
# Forbid all EAP types.
#
forbid_eap {
if (EAP-Message) {
reject
}
}
#
# Forbid all non-EAP types outside of an EAP tunnel.
#
permit_only_eap {
if (!EAP-Message) {
# We MAY be inside of a TTLS tunnel.
# PEAP and EAP-FAST require EAP inside of
# the tunnel, so this check is OK.
# If so, then there MUST be an outer EAP message.
if (!"%{outer.request:EAP-Message}") {
reject
}
}
}
#
also my /etc/raddb/users file looks like this;
DEFAULT
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Service-Type = Framed-User,
Fall-Through = Yes
00-1F-3C-D1-2B-6C
User-Name = "subhash",
Cleartext-Password = "sub@1979",
Tunnel-Private-Group-ID = "17"
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Mac-Authorization-tp4287256p4295664.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.