very long regular expression... [solved]
Norbert Grochal
norboro at celpol.pl
Mon Nov 27 10:08:43 CET 2006
> > > Do something like:
> > >
> > > modules {
> > > passwd mac2ok {
> > > filename = /etc/raddb/mac2ok
> > > format = "*Calling-Station-Id:~My-Local-String"
> > > hashsize = 100
> > > }
> > >
> > > # other modules
> > > }
> > >
> > > authorize {
> > > preprocess
> > > mac2ok
> > > files
> > > # other modules
> > > }
> > >
> > > Make "/etc/raddb/mac2ok" read:
> > >
> > > 008012323244:ok
> > > 002938475473:ok
> > >
> > > ...then in "users" put:
> > >
> > > DEFAULT My-Local-String != "ok", Auth-Type := Reject
> > Reply-Message =
> > > "calling station id not allowed", Fall-Through = No
> > >
> > > # Other config items
> > >
> > > Depending on the version of the server, you might need the
> > following
> > > in
> > > /etc/raddb/dictionary:
> > >
> > > ATTRIBUTE My-Local-String 3000 string
> >
> > OK, It almost works fine, but if there is no mac in my mac2ok
> > file then users file doesn't put REJECT into Auth-Type.
> > I have added that line at the begining of users file:
> >
> > DEFAULT Auth-Type := REJECT, My-Local-String !* "a"
OK. I have noticed that one request is 'processed' twice.
First time there is calling station it etc and mac2ok put 'good' into
request.
And then login is encapsulated from eap-message and freeradius process the
request again, but there is no My-Local-String etc. So reject from users
file cause eap-peap failure.
I have added at the end of users file:
# for first process of request
DEFAULT My-Local-String == "good"
Fall-Through = No
# for second process of request (login is known from eap-message...)
DEFAULT NAS-IP-Address == "127.0.0.1"
Fall-Through = No
DEFAULT Auth-Type := Reject
Thanks!!!
Norbert
More information about the Freeradius-Users
mailing list