WiFi & Mac address authentication
brainstorm
braincode at gmail.com
Mon Mar 13 00:16:38 CET 2006
I'm trying to implement a similar scenario: I am using PEAP, and I
want to check if a given MAC is in my database. In my case, the MACs
file looks like this:

0030.0996.CF52:192.168.12.1

I would like to match the first field (MAC) with the NAS
"Calling-Station-Id" attribute; if this check fails, I would like to
reject that user. Is it doable with rlm_password? I've tried, but I
cannot figure out which is the right "format" for my case:

I've tried the following in radiusd.conf:

modules {
    (...)
    passwd mac-ip {
        filename = /etc/raddb/MAC-IP
        format = "mac-address:Calling-Station-Id"
        delimiter = ":"
    }
}
(...)
authorize {
    preprocess
    mac-ip    <--- I want to Reject the client if that module fails
    eap
    files
}

But when I run radiusd -X:
rlm_passwd: no field market as key in format: mac-address:Calling-Station-Id
How do I specify that mac-address is a "key" and Calling-Station-Id a "value"?
Thank you,
Roman
On 3/7/06, Alan DeKok <aland at ox.org> wrote:
> Guillaume <guillaume.chardin at gmail.com> wrote:
> > OK, if I understand the manpage of dictionary & rlm_passwd, I have to
> > add this line in:
> > ##Dictionary file##
> > ATTRIBUTE mac-address 3001 string
>
> Why? That attribute won't ever appear in a packet.
>
> You have to use an attribute that will appear in a packet.
>
> Other than that, it looks like it should work.
>
> Alan DEKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
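
Added example, not part of the original post and not FreeRADIUS code: a stand-alone Python sketch of the check described above, looking up Calling-Station-Id in a "MAC:IP" file and rejecting anything not listed. It assumes the NAS may send the MAC in a different notation than the file's dotted form, so both sides are normalized first; the function names and sample data are constructed for illustration.

```python
import re

# Constructed sample in the post's "MAC:IP" layout (dotted MAC notation).
SAMPLE_MAC_IP = """\
0030.0996.CF52:192.168.12.1
# constructed comment line
0011.22AA.BB33:192.168.12.2
"""

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(value):
    """Return the MAC as 12 lowercase hex digits, or None if it is not a MAC."""
    digits = re.sub(r"[.:\-\s]", "", value).lower()
    return digits if _HEX12.match(digits) else None


def load_table(text):
    """Parse 'MAC:IP' lines into {normalized_mac: ip}; skip blanks, comments, bad lines."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the LAST colon: an IPv4 address contains none, while a
        # colon-separated MAC (00:30:09:...) would break a first-colon split.
        mac_raw, sep, ip = line.rpartition(":")
        mac = normalize_mac(mac_raw)
        if sep and mac and ip:
            table[mac] = ip
    return table


def authorize(calling_station_id, table):
    """Return ('accept', ip) for a listed MAC and ('reject', None) otherwise."""
    # Fail closed: a missing or malformed Calling-Station-Id is rejected.
    mac = normalize_mac(calling_station_id or "")
    if mac is None or mac not in table:
        return ("reject", None)
    return ("accept", table[mac])


if __name__ == "__main__":
    table = load_table(SAMPLE_MAC_IP)
    for csid in ("00-30-09-96-CF-52", "0030.0996.cf52", "00-30-09-96-CF-53", ""):
        print(repr(csid), authorize(csid, table))
```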