MAC authentication bypass --- How am I supposed to edit?theusers file to include multiple MAC addresses??
Arran Cudbard-Bell
a.cudbard-bell at sussex.ac.uk
Mon Dec 21 00:31:00 CET 2009
On 20/12/2009 22:44, Alan Buxey wrote:
> Hi,
>
>
>> ....some would say that is a controversial MAC address regexp, but I
>> guess you just do things differently 'up north' eh? :)
>>
> hey, it was a quick hackup example to deal with the question.
>
>
>> 'cheese112233xxyyzzTASTY' would even match that :)
>>
> yep - but a user could just as easily log in with the user-name of
> 00:11:22:33:44:55 ;-)
>
>
Hmm yes, maybe add a !EAP-Message condition somewhere in there...
> thats why some decent stuff needs to be done elsewhere....I dont
> like Mac auth bypass. not a fan of it at all - its a horrible
> kludge to deal with devices that cant do 802.1X
>
> the real answer is to get the vendors to sort their cheap shoddy kit out ;-)
>
Ahem *Vendor :P - - Sorry I have to do it or they beat me :(
-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091220/826fafba/attachment.pgp>
More information about the Freeradius-Users
mailing list