MAC authentication bypass --- How am I supposed to?edit?theusersfile to include multiple MAC addresses??
Difan Zhao
difan.zhao at guest-tek.com
Wed Dec 23 02:01:27 CET 2009
So...,
Alan suggested using unlang. I am actually reading un-language (5). If I
use it, where or what file do I put your script in?
=============================Script that Alan
wrote====================================
authorise {
if("%{User-Name}" =~ /[0-9a-z]{12}/i && "%{Huntgroup-Name}" ==
"MAB-switches"){
update control {
Auth-Type := MAB
}
ok = return
}
}
authenticate {
Auth-Type MAB {
ok
}
}
========================================================================
================
I do understand that I need to revise it to make it only authenticate
the right MAC addresses and only respond if the request meets certain
criteria or have certain attributes. Can I include these logics in
unlang such as User-Name == Calling-Station-Id or Service-Type ==
Call-Check? In addition, I want to assign these devices to a specific
VLAN. Can I add the attributes here as well? Is this vlan assignment
part of authentication or authorization?
Alexander, I did read the links you gave me very carefully and I guess I
understand the logic... However it seems that I have to edit many files.
I am new to the FreeRadius and I don't have any programming
experience... Is there a document which can tell me briefly what these
files are for and how FreeRadius is using them? I don't really want to
edit those files when I don't know enough about them...
Thank you both for your advice!
Difan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091222/67a7ecac/attachment.html>
More information about the Freeradius-Users
mailing list