very long regular expression...
Phil Mayers
p.mayers at imperial.ac.uk
Fri Nov 24 01:46:50 CET 2006
Norbert Grochal wrote:
>>> I want to disallow login to access points for every hosts that are not
>>> in my network.
>>>
>>> So at the end of /usr/local/etc/raddb/users file I put regular
>>> expression that checks if Calling-Station-Id IS NOT in list of my
>>> hosts...
>>> DEFAULT Auth-Type := REJECT, Calling-Station-Id !~
>>> "008012323244|002938475473|<and many other macs...>"
>> Don't do that. It's ugly. Use rlm_passwd. See "man rlm_passwd".
>>
>> That lets you list all of the MACs in one flat text file, which is a
>> LOT easier to manage by a script than the "users" file.
>
> I still have no idea how to do it, could you show me an example?

The man page is pretty clear.

Do something like:

modules {
	passwd mac2ok {
		filename = /etc/raddb/mac2ok
		format = "*Calling-Station-Id:~My-Local-String"
		hashsize = 100
	}
	# other modules
}

authorize {
	preprocess
	mac2ok
	files
	# other modules
}

Make "/etc/raddb/mac2ok" read:

008012323244:ok
002938475473:ok

...then in "users" put:

DEFAULT My-Local-String != "ok", Auth-Type := Reject
	Reply-Message = "calling station id not allowed",
	Fall-Through = No

# Other config items

Depending on the version of the server, you might need the following in
/etc/raddb/dictionary:
ATTRIBUTE My-Local-String 3000 string
...where 3000 can be any number between 3000 and 4000 and
My-Local-String is an arbitrary name you can use for a local config
attribute.
>
> Is it possible to 'mark' good request and then at the end of users file
> write
>
> DEFAULT Auth-Type := REJECT, REQUEST_NOT_MARKED
>
> ??
>
> Norboro
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
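
The flat file is the part meant to be maintained by a script, so here is one way to generate it, as an added example that is not part of the original thread: it normalises common MAC notations to the 12-digit form used in the mac2ok sample above, drops duplicates, and reports malformed entries instead of writing them. It assumes the NAS sends Calling-Station-Id as 12 hex digits with no separators and in upper case; SAMPLE_INVENTORY and the function names are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed sample inventory: mixed notations, a duplicate and two typos.
SAMPLE_INVENTORY = """\
# wireless clients
00:80:12:32:32:44   # laptop
00-29-38-47-54-73
0029.3847.5473      # same card, Cisco notation
00:1a:2b:3c:4d      # one octet short
00:1A:2B:3C:4D:ZZ
"""

def normalize_mac(raw):
    """Return the MAC as 12 upper-case hex digits (assumed NAS format), or None."""
    mac = re.sub(r"[:.\-]", "", raw.strip()).upper()
    return mac if re.fullmatch(r"[0-9A-F]{12}", mac) else None

def build_mac2ok(inventory, value="ok"):
    """Return (file_text, rejected_entries) for an inventory listing."""
    allowed, rejected = set(), []
    for line in inventory.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        mac = normalize_mac(entry)
        if mac is None:
            rejected.append(entry)   # never guess at a malformed address
        else:
            allowed.add(mac)
    text = "".join(f"{mac}:{value}\n" for mac in sorted(allowed))
    return text, rejected

def write_atomically(path, text):
    """Replace path in one rename so a reader never sees a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
        os.chmod(tmp, 0o640)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

if __name__ == "__main__":
    text, rejected = build_mac2ok(SAMPLE_INVENTORY)
    print(text, end="")
    for entry in rejected:
        print("rejected:", entry)
```

The key in the file has to match the Calling-Station-Id string exactly as the NAS sends it, so adjust normalize_mac if your access points use separators or lower case.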