usename + password + MAC address

Hilton Guaraldi guaraldi at gmail.com
Mon Sep 14 05:30:13 CEST 2009 

Let me ask something about attr_rewrite in order to give the
possibility to work with my 6 APs, and to do a rewrite of MAC to
EAP-PEAP authentication.
Would it be possible to write in radius.conf and default files the
following, avoiding many entries in the hints file?

Scenario:   AP1              ->Send client MAC 00-18-E7-41-AD-C2
                AP2,...,AP6    ->Send client MAC 0018e741adc2

In radius.conf,

attr_rewrite mac-phase1 {
                attribute = Calling-Station-Id
                new_attribute = no
                searchin = packet
                ignore_case = no
                searchfor = "-"           # Possible here doing a hyphen search
                replacewith = ""         # and replacing...
                append = no
         }

attr_rewrite mac-phase2 {
                attribute = Calling-Station-Id
                new_attribute = no
                searchin = packet
                ignore_case = no
                searchfor = "???"       # Possible here doing a
lowercase letters search
                replacewith = "???"    # and replacing by uppercase
letters, a->A, c->C, d->D, e->E, etc... Apologize me for the ???
                append = no
        }

and in default:

authorize {
        mac-phase1
        mac-phase2
        ...
}

But the problem is, I do not know how to do the replacement.
Do you know how can I do this with an expression in mac-phase2?

And in mac-phase1 the hyphen search is correct?

The benefit would be one Calling-Station-Id with uppercase letters
without hyphens entry in MySQL radcheck table for each user...

The operator in MySQL radcheck table to work with Calling-Station-Id
string is == .
If MAC now is 0018E741ADC2, after running mac-phase2,  the operator
must change?

Best regards,
Guaraldi



2009/9/13 Ivan Kalik <tnt at kalik.net>:
>> Ok, it works, but a new problem emerged....
>>
>> I have 6 AP´s. One of them send the MAC in the following format:
>> 00-18-E7-41-AD-C2. The others send 0018e741adc2... Here the letters
>> are in lowercase and if changed to uppercase the authentication fails
>> from 5 AP´s.
>
> Rewrite Calling-Station-Id in hints file to the format you want (probably
> best without separators). You have examples for regex rewriting mac
> address in other threads on the list.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>

More information about the Freeradius-Users mailing list