Cisco Mac-Auth-Bypass with Freeradius 2.0.4

MONTFORD, AUSTIN AMONTFOR at uscb.edu
Mon May 19 20:15:15 CEST 2008 

Frank & Ivan,
Just wanted to thank yall for the advice and let you know this worked
like a charm.  Just had to change Fall-Through = True to Fall-Through =
Yes which was simple enough using the debug output.  Version thing with
the syntax I guess...

Thanks again!
Austin

-----Original Message-----
Message: 5
Date: Fri, 16 May 2008 10:27:06 +1000
From: "Ranner, Frank MR" <Frank.Ranner at defence.gov.au>
Subject: RE: Cisco Mac-Auth-Bypass with Freeradius 2.0.4
	[SEC=UNCLASSIFIED]
To: "FreeRadius users mailing list"
	<freeradius-users at lists.freeradius.org>
______________________________

	From:
freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.or
g
[mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freer
adius.org] On Behalf Of MONTFORD, AUSTIN
	Sent: Friday, 16 May 2008 07:31
	To: freeradius-users at lists.freeradius.org
	Subject: Cisco Mac-Auth-Bypass with Freeradius 2.0.4
	
	
	Hey,
	I just got this working on a test server finally using the users
file and have a quick question.  I was wondering is there a way where I
don't have to type the last 3 lines of this everytime in my users file?
I was thinking of using some kind of setup with a seperate file for each
vlan containing only the first statement (with the mac address as the
user/pass).  Then $include each vlanfile in the users file with
freeradius appending the correct tunnel statements depending on what
vlanfile the mac address was in.  Anyways I haven't quite wrapped my
head around the syntax to do this or am sure this is the best way.  If
someone has any advice that would be great.
	 
	123400000000    Cleartext-Password := "123400000000"
	                                Tunnel-Type = "VLAN",
	                                Tunnel-Medium-Type = "IEEE-802"
	                                Tunnel-Private-Group-Id =
"Students"
	 
	 
	By the way Freeradius rocks!
	 
	Thanks,
	Austin 
	 
	 
There is a couple of ways to do this.

1. Use groups.
2. Use Fall-Through and group you users file.

Example:

# Set boilerplate text
DEFAULT
	Tunnel-Type = "VLAN",
      Tunnel-Medium-Type = "IEEE-802",
	Fall-Through = True

# Staff systems
DEFAULT
	Tunnel-Private-Group-Id := "Staff",
	Fall-Through = True

$INCLUDE staff.users

# Student systems
DEFAULT
	Tunnel-Private-Group-Id := "Students",
	Fall-Through = True

$INCLUDE student.users

...

DEFAULT	Auth-Type:=reject


Student.users would have lines like:
123400000000    Cleartext-Password := "123400000000"
123500000000    Cleartext-Password := "123500000000"

and could be generated by a script.

Regards,
Frank Ranner

More information about the Freeradius-Users mailing list