tolower seems to result in unneeded reject of mac address, or I am using it wrong

Schaatsbergen, Chris Chris.Schaatsbergen at aleo-solar.de
Tue Dec 21 15:01:06 CET 2010


Hi all,

I am not very used to working with freeradius unfortunately and I am using the Mac Auth solution<http://wiki.freeradius.org/Mac-Auth> as described on your website and other then the case sensitivity it was working correctly.

I was looking for a way to change the Calling station id to lowercase, or to make the comparison case insensitive as some of our switches return mac addresses in uppercase, others in lowercase. Then I discovered a brand new function "tolower" had been added to the 2.1.10 version of freeradius and we were still at 2.1.8. So after an update I could run freeradius with the added function without errors. Unfortunately it seems not to work correctly.

Now, if a known mac address is authorized, it is rejected

[authorized_macs]       expand: "%{Calling-Station-ID}" -> "00-17-42-1C-44-68"
[authorized_macs]       expand: %{tolower:"%{Calling-Station-ID}"} -> "00-17-42-1c-44-68"
+++++[authorized_macs.authorize] returns noop

00-17-42-1c-44-68 does actually exist in the authorized_macs file. This used to return a match and ok when the calling station id was matched, case sensitive.

Unfortunately I do not have permission from my superiors to utilize a MySQL database yet (which would solve all of this), so I am stuck with the files for now.

Can any of you see what I am doing wrong?

modules/files
files authorized_macs {
        # The default key attribute to use for matches.  The content
        # of this attribute is used to match the "name" of the
        # entry.
        key = %{tolower:"%{Calling-Station-ID}"}

        usersfile = ${confdir}/authorized_macs

        #  If you want to use the old Cistron 'users' file
        #  with FreeRADIUS, you should change the next line
        #  to 'compat = cistron'.  You can the copy your 'users'
        #  file from Cistron.
        compat = no
}

sites-available/default
post-auth {
# output surpressed
       if(control:Auth-Type == 'CSID'){
              # Authorization happens here
              # %{Calling-Station-ID} = %{tolower:%{Calling-Station-ID}} # here the function does not work (like this)
              authorized_phones.authorize
              if (!ok) {
                     authorized_printers.authorize
                     if (!ok) {
                            authorized_macs.authorize
                            if (notfound) { # notfound construction used to overcome false rejects
                                   reject
                            }
                            else {
                                   update reply {
                                          Cisco-AVPair = "tunnel-type=vlan"
                                          Cisco-AVPair = "tunnel-medium-type=802"
                                          Cisco-AVPair = "tunnel-private-group-id=4"
                                   }
                            }
                     }
                     else{
                            update reply {
                                   Cisco-AVPair = "tunnel-type=vlan"
                                   Cisco-AVPair = "tunnel-medium-type=802"
                                   Cisco-AVPair = "tunnel-private-group-id=1"
                            }
                     }
              }
              else{
                     update reply {
                            Cisco-AVPair = "device-traffic-class=voice"
                     }
              }
       }
}

Chris Schaatsbergen

--
aleo solar Deutschland GmbH
Chris Schaatsbergen
IT Projekte / IT Projects
Osterstr. 15, 26122 Oldenburg

T +49 441 21988­-288
F +49 441 21988­-150
M +49 162 2552288
chris.schaatsbergen at aleo-solar.de<mailto:chris.schaatsbergen at aleo-solar.de>
http://www.aleo-solar.de

Geschäftsführer/Management Board: York zu Putlitz, Dr. Jens Sabotke, Norbert Schlesiger
Sitz der Gesellschaft/Registered Office: Oldenburg (Oldb), Germany
Handelsregister/Companies´ Register: Oldenburg, Germany, HRB 4947

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101221/489dabf4/attachment.html>


More information about the Freeradius-Users mailing list