MAC authentication bypass --- How amIsupposedto?edit?theusersfile to include multiple MAC addresses??
Difan Zhao
difan.zhao at guest-tek.com
Wed Dec 30 20:19:13 CET 2009
Hey guys,
Since I have asked so many questions regarding to this topic I guess you
all know my situation very well so I won't go through the whole thing
again and save your time!
So I found that if I add a "Default" line at the bottom of the users
file, like:
...
DEFAULT Auth-Type = ntlm_auth
The server will always use ntlm for authentication... even I have
updated the auth-type to Auth-NHSTB, it doesn't use it. I have attached
both debug files. What should I do if I want a "Default" line in the
user file while still use the special authentication that I defined for
MAC authentication bypass? Thanks!
Policy.conf:
policy {
...
rewrite_calling_station_id {
if(request:Calling-Station-Id =~
/00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) {
update request {
Calling-Station-Id :=
"00a008%{1}%{2}%{3}"
}
}
else {
noop
}
}
}
Default:
authorize {
...
rewrite_calling_station_id
if((Service-Type == 'Call-Check') && (User-Name =~
/^%{Calling-Station-ID}$/i)){
update control {
Auth-Type = 'Auth-NHSTB'
}
}
}
authenticate {
...
Auth-Type Auth-NHSTB {
if(request:User-Name == "%{request:User-Password}") {
ok
}
else{
reject
}
}
}
Guest-tek, Difan Zhao
difan.zhao at guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091230/5135f533/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radiusd -X with 'default' line in users.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091230/5135f533/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radiusd -X without 'default' line in users.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091230/5135f533/attachment-0001.txt>
More information about the Freeradius-Users
mailing list