MAC authentication bypass --- How amIsupposedto?edit?theusersfile to include multiple MAC addresses??

Difan Zhao difan.zhao at guest-tek.com
Wed Dec 30 20:19:13 CET 2009


Hey guys,

 

Since I have asked so many questions regarding to this topic I guess you
all know my situation very well so I won't go through the whole thing
again and save your time!

 

So I found that if I add a "Default" line at the bottom of the users
file, like:

 

...

DEFAULT                Auth-Type = ntlm_auth

 

The server will always use ntlm for authentication... even I have
updated the auth-type to Auth-NHSTB, it doesn't use it. I have attached
both debug files. What should I do if I want a "Default" line in the
user file while still use the special authentication that I defined for
MAC authentication bypass? Thanks!

 

 

 

Policy.conf:

 

policy {

        ...

        rewrite_calling_station_id {

                if(request:Calling-Station-Id =~
/00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) {

                        update request {

                                Calling-Station-Id :=
"00a008%{1}%{2}%{3}"

                        }

                }

                else {

                        noop

                }

        }

}       

 

 

Default:

 

authorize {

            ...

rewrite_calling_station_id

if((Service-Type == 'Call-Check') && (User-Name =~
/^%{Calling-Station-ID}$/i)){

                  update control {

                        Auth-Type = 'Auth-NHSTB'

                  }

    }

}

 

authenticate {

                  ...

        Auth-Type Auth-NHSTB {

                if(request:User-Name == "%{request:User-Password}") {

                        ok

                }

                else{

                        reject

                }

        }

}

 

 

Guest-tek, Difan Zhao

difan.zhao at guest-tek.com

www.guest-tek.com

Office: 403-509-1010 ext 3048

Cell: 403-689-7514

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091230/5135f533/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radiusd -X with 'default' line in users.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091230/5135f533/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radiusd -X without 'default' line in users.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091230/5135f533/attachment-0001.txt>


More information about the Freeradius-Users mailing list