Cisco Mac-Auth-Bypass with Freeradius 2.0.4 [SEC=UNCLASSIFIED]

Ranner, Frank MR Frank.Ranner at defence.gov.au
Fri May 16 02:27:06 CEST 2008 

UNCLASSIFIED

______________________________

	From:
freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.or
g
[mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freer
adius.org] On Behalf Of MONTFORD, AUSTIN
	Sent: Friday, 16 May 2008 07:31
	To: freeradius-users at lists.freeradius.org
	Subject: Cisco Mac-Auth-Bypass with Freeradius 2.0.4
	
	
	Hey,
	I just got this working on a test server finally using the users
file and have a quick question.  I was wondering is there a way where I
don't have to type the last 3 lines of this everytime in my users file?
I was thinking of using some kind of setup with a seperate file for each
vlan containing only the first statement (with the mac address as the
user/pass).  Then $include each vlanfile in the users file with
freeradius appending the correct tunnel statements depending on what
vlanfile the mac address was in.  Anyways I haven't quite wrapped my
head around the syntax to do this or am sure this is the best way.  If
someone has any advice that would be great.
	 
	123400000000    Cleartext-Password := "123400000000"
	                                Tunnel-Type = "VLAN",
	                                Tunnel-Medium-Type = "IEEE-802"
	                                Tunnel-Private-Group-Id =
"Students"
	 
	 
	By the way Freeradius rocks!
	 
	Thanks,
	Austin 
	 
	 
There is a couple of ways to do this.

1. Use groups.
2. Use Fall-Through and group you users file.

Example:

# Set boilerplate text
DEFAULT
	Tunnel-Type = "VLAN",
      Tunnel-Medium-Type = "IEEE-802",
	Fall-Through = True

# Staff systems
DEFAULT
	Tunnel-Private-Group-Id := "Staff",
	Fall-Through = True

$INCLUDE staff.users

# Student systems
DEFAULT
	Tunnel-Private-Group-Id := "Students",
	Fall-Through = True

$INCLUDE student.users

...

DEFAULT	Auth-Type:=reject


Student.users would have lines like:
123400000000    Cleartext-Password := "123400000000"
123500000000    Cleartext-Password := "123500000000"

and could be generated by a script.

Regards,
Frank Ranner

More information about the Freeradius-Users mailing list