WiFi & Mac address authentication
brainstorm
braincode at gmail.com
Mon Mar 13 20:41:08 CET 2006
>
> Please read the docs. The comments right above the "passwd" module in
> the default config are VERY SPECIFIC. The format is:
>
> format = "*Key-Value:~Request-Value:=Reply-Value:Configure-Value"
>
> That is, the radius attribute "Key-Value" is the first field.
> Request-Value (prefix ~) will be added to the request, Reply-Value
> (prefix =) to the reply, and Configure-Value (no prefix) to the
> configure items.
Sure, I have missed that valuable info (I was too focused on man page
and /usr/share/doc).
> So you're wrong several ways:
>
> 3. In any case, for WAPs, Calling-Station-Id is normally the MAC, not IP
That's exactly the field I wish to use (Calling-Station-Id), the IP is
just for other internal purposes, so you can ignore it.
> Try something like this:
>
> passwd mac-ip {
>     filename = /etc/raddb/MAC-IP
>     format = "*Calling-Station-Id:Class"
>     delimiter = ":"
>     authtype = Reject
> }
> always fail {
>     rcode = fail
> }
>
> authorize {
>     mac-ip {
>         notfound = reject
>     }
>     # others
> }
That was useful, thank you! I guess that in my case it's safe to drop
the Class attribute, leaving format just as: "*Calling-Station-Id:".
> ...and note that many/most APs send the MAC as "00-11-22-33-44-55" so
> the file should look like this:
>
> 00-11-22-33-44-55:KnownUser
FYI, the Cisco Aironet 1200 can send the Calling-Station-Id in these
configurable formats:
xxxx.xxxx.xxxx
xx-xx-xx-xx-xx-xx
xx:xx:xx:xx:xx:xx
So it's ok right now.
>
> This is all in the docs.
Perhaps this example could be used in the manpage as an EXAMPLE
section, couldn't it?
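
Added example, not part of the original post or of FreeRADIUS: a small Python helper that turns a MAC inventory written in any of the three layouts listed above into lines for the quoted format "*Calling-Station-Id:Class". It writes keys with hyphens because a colon-separated MAC would be split by delimiter = ":". The function names, the lower-case output and the sample inventory are assumptions; the AP has to be configured to send the same form.

```python
import re

# The three Calling-Station-Id layouts named in the post (Cisco Aironet 1200).
_MAC_LAYOUTS = (
    re.compile(r"^([0-9a-f]{4})\.([0-9a-f]{4})\.([0-9a-f]{4})$", re.I),
    re.compile("^" + "-".join(["([0-9a-f]{2})"] * 6) + "$", re.I),
    re.compile("^" + ":".join(["([0-9a-f]{2})"] * 6) + "$", re.I),
)


def normalize_mac(value):
    """Return the MAC as xx-xx-xx-xx-xx-xx (lower case) or raise ValueError."""
    value = value.strip()
    for layout in _MAC_LAYOUTS:
        match = layout.match(value)
        if match:
            digits = "".join(match.groups()).lower()
            return "-".join(digits[i:i + 2] for i in range(0, 12, 2))
    raise ValueError(f"not a recognised MAC layout: {value!r}")


def build_mac_file(entries, delimiter=":"):
    """Turn (mac, class_value) pairs into passwd-module lines, one per MAC."""
    lines, seen = [], set()
    for mac, class_value in entries:
        key = normalize_mac(mac)
        if key in seen:
            raise ValueError(f"duplicate MAC: {key}")
        # A field containing the delimiter would shift every later field.
        if delimiter in key or delimiter in class_value:
            raise ValueError(f"field contains the delimiter {delimiter!r}")
        seen.add(key)
        lines.append(f"{key}{delimiter}{class_value}")
    return lines


# Constructed sample inventory, one entry per layout.
SAMPLE = [
    ("0011.2233.4455", "KnownUser"),
    ("00:11:22:33:44:66", "KnownUser"),
    ("00-11-22-33-AA-BB", "KnownUser"),
]

if __name__ == "__main__":
    print("\n".join(build_mac_file(SAMPLE)))
```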