very long regular expression... [solved]

Norbert Grochal norboro at celpol.pl
Mon Nov 27 10:08:43 CET 2006


> > > Do something like:
> > >
> > > modules {
> > >    passwd mac2ok {
> > >      filename = /etc/raddb/mac2ok
> > >      format = "*Calling-Station-Id:~My-Local-String"
> > >      hashsize = 100
> > >    }
> > >
> > >    # other modules
> > > }
> > >
> > > authorize {
> > >    preprocess
> > >    mac2ok
> > >    files
> > >    # other modules
> > > }
> > >
> > > Make "/etc/raddb/mac2ok" read:
> > >
> > > 008012323244:ok
> > > 002938475473:ok
> > >
> > > ...then in "users" put:
> > >
> > > DEFAULT My-Local-String != "ok", Auth-Type := Reject
> > >    Reply-Message = "calling station id not allowed", Fall-Through = No
> > >
> > > # Other config items
> > >
> > > Depending on the version of the server, you might need the following in
> > > /etc/raddb/dictionary:
> > >
> > > ATTRIBUTE My-Local-String 3000 string
> >
> > OK, it almost works fine, but if there is no mac in my mac2ok
> > file then the users file doesn't put REJECT into Auth-Type.
> > I have added that line at the beginning of the users file:
> >
> > DEFAULT Auth-Type := REJECT, My-Local-String !* "a"

OK. I have noticed that one request is 'processed' twice.
The first time there is the calling station id etc. and mac2ok puts 'good' into
the request.
And then the login is encapsulated from the eap-message and freeradius processes
the request again, but there is no My-Local-String etc. So the reject from the
users file causes eap-peap failure.

I have added at the end of users file:

# for first process of request
DEFAULT My-Local-String == "good"
    Fall-Through = No

# for second process of request (login is known from eap-message...)
DEFAULT NAS-IP-Address == "127.0.0.1"
    Fall-Through = No

DEFAULT Auth-Type := Reject

Thanks!!!

Norbert
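
Added example (not part of the original message and not FreeRADIUS code): a simplified Python model of first-match "users" file evaluation, comparing the earlier `!*` entry with the three entries added above across the two passes of an EAP-PEAP request. The operator behaviour follows what the thread reports, and the request attributes are constructed samples.

```python
# Simplified model of first-match DEFAULT entries in the "users" file.
# Assumption: this mirrors the behaviour reported in the thread; it is not FreeRADIUS code.
REJECT = "Reject"

def check(op, have, want):
    """Evaluate one check item; `have` is the request value or None if absent."""
    if op == "==":
        return have is not None and have == want
    if op == "!*":                      # matches only when the attribute is absent
        return have is None
    raise ValueError(f"operator not modelled: {op}")

def evaluate(entries, request):
    """Return the Auth-Type forced by the first matching entry, else None."""
    for checks, auth_type in entries:
        if all(check(op, request.get(attr), val) for attr, op, val in checks):
            return auth_type            # each entry stops here (Fall-Through = No)
    return None

# Entry from the quoted earlier reply, placed at the beginning of "users".
EARLIER = [([("My-Local-String", "!*", "a")], REJECT)]

# The three entries added at the end of "users" in this message.
FINAL = [
    ([("My-Local-String", "==", "good")], None),      # first pass: mac2ok found the MAC
    ([("NAS-IP-Address", "==", "127.0.0.1")], None),  # second pass: tunnelled request
    ([], REJECT),                                     # anything else
]

# Constructed requests (sample values), as seen after mac2ok has run.
OUTER_KNOWN = {"Calling-Station-Id": "008012323244", "My-Local-String": "good"}
OUTER_UNKNOWN = {"Calling-Station-Id": "00aabbccddee"}
INNER_TUNNEL = {"User-Name": "alice", "NAS-IP-Address": "127.0.0.1"}
LOCAL_NAS_UNKNOWN = {"Calling-Station-Id": "00aabbccddee", "NAS-IP-Address": "127.0.0.1"}

def decisions(entries):
    """Map each sample request name to the Auth-Type the entries force on it."""
    samples = {"outer_known": OUTER_KNOWN, "outer_unknown": OUTER_UNKNOWN,
               "inner_tunnel": INNER_TUNNEL, "local_nas_unknown": LOCAL_NAS_UNKNOWN}
    return {name: evaluate(entries, req) for name, req in samples.items()}

if __name__ == "__main__":
    for label, entries in (("earlier", EARLIER), ("final", FINAL)):
        print(label, decisions(entries))
```

In this model the NAS-IP-Address entry matches any request carrying 127.0.0.1, whether or not mac2ok found the MAC, so the scope of that entry is worth reviewing in a real deployment.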



