Phil Mayers <p.mayers@imperial.ac.uk> wrote:
I think it's Arran who maintains that page, however the rewrite_calling_station_id looks like it was palmed off me at some stage. That *is* needed unless you are quite-quite-mad and enjoy twenty different representations for your MAC addresses in your databases :)
Sure; we have something similar
We *actually* abuse Postgres' macaddr datatype by doing this:
Goddamnit, first I discover all the CIDR bits and think how great that is, but I never thought to look if there was a MAC address one.
update request { Calling-Station-Id = "%{sql:select '%{Calling-Station-Id}'::macaddr}" }
Not quite there, but it could be IC's entry for the DWTF? ;P On a serious note, that is going to be a ballache if your SQL server goes walkies...
...which handles all the various cases quite nicely, but returns Postgres' :-separated version, which is fine (and what we prefer).
My brain prefers ':', however '-' was in an RFC I read some time back when reading about Called-Station-Id's and SSID's: http://tools.ietf.org/html/rfc3580#section-3.20
Anyone who wrote the page, and why it uses that method?
The page looks fine to me, is it the enforcing and checking for RFCness
*What* RFCness?
Apparently, guessing this is Aaran spending too much absorbing the IETF website, RFC2865 says "though shalt use 'Call-Check' for mac-auth", I have not read it myself.
that seems overkill to you? Cisco switches use PAP instead of CHAP, but other than that whats the problem?
I've never seen a mac-auth implementation sending CHAP requests, which seems like lunacy, so have never considered there might be a need to execute the "authenticate" section, or synthesise a Cleartext-Password.
...but this is what makes HP special :) http://wiki.freeradius.org/index.php?title=HP#Mac-Based I agree, is is rather daft, I'm surprised User-Password even appears for a PAP approach.
But even so, I don't see the value in executing a modules .authorize handler in the post-auth section, or having a whole separate Auth-Type value.
Right, this I agree with, I nuke the request in authorize too.
Shrug. Not a big deal really. To each his own.
Many ways to skin this cat... Cheers -- Alexander Clouter .sigmonster says: Really?? What a coincidence, I'm shallow too!!