WiFi & Mac address authentication

brainstorm braincode at gmail.com
Mon Mar 13 00:16:38 CET 2006


I'm trying to implement a similar scenario: I am using PEAP, and I
want to check if a given MAC is in my database. In my case, the MACs
file looks like this:

0030.0996.CF52:192.168.12.1

I would like to match the first field (MAC) with the NAS
"Calling-Station-Id" attribute; if this check fails, I would like to
reject that user. Is it doable with rlm_passwd? I've tried, but I
cannot figure out which is the right "format" for my case:

I've tried the following in radiusd.conf:

modules {
(...)
passwd mac-ip {
                filename = /etc/raddb/MAC-IP
                format = "mac-address:Calling-Station-Id"
                delimiter = ":"
        }
}

(...)

authorize {
        preprocess
        mac-ip          <--- I want to Reject the client if that module fails
        eap
        files
}

But when I run radiusd -X:

rlm_passwd: no field market as key in format: mac-address:Calling-Station-Id

How do I specify that mac-address is a "key" and Calling-Station-Id a "value"?

Thank you,
Roman

On 3/7/06, Alan DeKok <aland at ox.org> wrote:
> Guillaume <guillaume.chardin at gmail.com> wrote:
> > ok, if i understand the manpage of dictionary & rlm_passwd, i have to
> > add this line in:
> > ##Dictionary file##
> > ATTRIBUTE        mac-address       3001       string
>
>   Why?  That attribute won't ever appear in a packet.
>
>   You have to use an attribute that will appear in a packet.
>
>   Other than that, it looks like it should work.
>
>   Alan DEKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
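
An added illustration, not part of the original post and not FreeRADIUS code: a Python model of the keyed lookup the post is trying to configure, using the documented rlm_passwd convention that a `*` prefix marks the key field and `~` sends a field to the reply items. Using `Framed-IP-Address` for the second field, the second sample line, and all function names are assumptions.

```python
# Added example (not FreeRADIUS code): model of a keyed passwd-style lookup.
FORMAT = "*Calling-Station-Id:~Framed-IP-Address"  # 2nd attribute is an assumption
DELIMITER = ":"

# Constructed sample file; the first line is the one from the post.
SAMPLE_FILE = "0030.0996.CF52:192.168.12.1\n0030.0996.AAAA:192.168.12.2\n"

PREFIXES = {"*": "key", "~": "reply", "=": "request"}

def parse_format(fmt, delimiter=DELIMITER):
    """Split a format string into [(attribute, role)] and find the key field."""
    fields, key_index = [], None
    for i, name in enumerate(fmt.split(delimiter)):
        role = PREFIXES.get(name[:1], "config")   # unmarked fields: config items
        if role != "config":
            name = name[1:]
        if role == "key":
            if key_index is not None:
                raise ValueError("more than one key field in format: " + fmt)
            key_index = i
        fields.append((name, role))
    if key_index is None:
        raise ValueError("no field marked as key in format: " + fmt)
    return key_index, fields

def load_table(text, fmt=FORMAT, delimiter=DELIMITER):
    """Index every non-empty line of the file by its key field."""
    key_index, fields = parse_format(fmt, delimiter)
    rows = [l.split(delimiter) for l in text.splitlines() if l.strip()]
    return {r[key_index]: r for r in rows if len(r) > key_index}, key_index, fields

def lookup(request, text=SAMPLE_FILE, fmt=FORMAT):
    """Return ("ok", reply_items) or ("notfound", {}) for a request dict."""
    table, key_index, fields = load_table(text, fmt)
    row = table.get(request.get(fields[key_index][0]))  # exact string match
    if row is None:
        return "notfound", {}   # the server policy decides whether this rejects
    reply = {n: row[i] for i, (n, role) in enumerate(fields)
             if role == "reply" and i < len(row)}
    return "ok", reply

if __name__ == "__main__":
    print(lookup({"Calling-Station-Id": "0030.0996.CF52"}))
    print(lookup({"Calling-Station-Id": "00-30-09-96-CF-52"}))
    try:
        parse_format("mac-address:Calling-Station-Id")   # format from the post
    except ValueError as exc:
        print(exc)
```

In this model a NAS that sends the MAC in another notation (hyphens, lower case) misses the exact-match key, and a colon-separated MAC in the file would collide with the `:` delimiter.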



