tolower seems to result in unneeded reject of mac address, or I am using it wrong
Schaatsbergen, Chris
Chris.Schaatsbergen at aleo-solar.de
Tue Dec 21 15:01:06 CET 2010
Hi all,
I am not very used to working with freeradius unfortunately and I am using the Mac Auth solution <http://wiki.freeradius.org/Mac-Auth> as described on your website, and other than the case sensitivity it was working correctly.
I was looking for a way to change the Calling station id to lowercase, or to make the comparison case insensitive as some of our switches return mac addresses in uppercase, others in lowercase. Then I discovered a brand new function "tolower" had been added to the 2.1.10 version of freeradius and we were still at 2.1.8. So after an update I could run freeradius with the added function without errors. Unfortunately it seems not to work correctly.
Now, if a known mac address is authorized, it is rejected:
[authorized_macs] expand: "%{Calling-Station-ID}" -> "00-17-42-1C-44-68"
[authorized_macs] expand: %{tolower:"%{Calling-Station-ID}"} -> "00-17-42-1c-44-68"
+++++[authorized_macs.authorize] returns noop
00-17-42-1c-44-68 does actually exist in the authorized_macs file. This used to return a match and ok when the calling station id was matched, case sensitive.
Unfortunately I do not have permission from my superiors to utilize a MySQL database yet (which would solve all of this), so I am stuck with the files for now.
Can any of you see what I am doing wrong?
modules/files
files authorized_macs {
    # The default key attribute to use for matches. The content
    # of this attribute is used to match the "name" of the
    # entry.
    key = %{tolower:"%{Calling-Station-ID}"}
    usersfile = ${confdir}/authorized_macs
    # If you want to use the old Cistron 'users' file
    # with FreeRADIUS, you should change the next line
    # to 'compat = cistron'. You can then copy your 'users'
    # file from Cistron.
    compat = no
}
sites-available/default
post-auth {
    # output suppressed
    if(control:Auth-Type == 'CSID'){
        # Authorization happens here
        # %{Calling-Station-ID} = %{tolower:%{Calling-Station-ID}} # here the function does not work (like this)
        authorized_phones.authorize
        if (!ok) {
            authorized_printers.authorize
            if (!ok) {
                authorized_macs.authorize
                if (notfound) { # notfound construction used to overcome false rejects
                    reject
                }
                else {
                    update reply {
                        Cisco-AVPair = "tunnel-type=vlan"
                        Cisco-AVPair = "tunnel-medium-type=802"
                        Cisco-AVPair = "tunnel-private-group-id=4"
                    }
                }
            }
            else{
                update reply {
                    Cisco-AVPair = "tunnel-type=vlan"
                    Cisco-AVPair = "tunnel-medium-type=802"
                    Cisco-AVPair = "tunnel-private-group-id=1"
                }
            }
        }
        else{
            update reply {
                Cisco-AVPair = "device-traffic-class=voice"
            }
        }
    }
}
Chris Schaatsbergen
--
aleo solar Deutschland GmbH
Chris Schaatsbergen
IT Projekte / IT Projects
Osterstr. 15, 26122 Oldenburg
T +49 441 21988-288
F +49 441 21988-150
M +49 162 2552288
chris.schaatsbergen at aleo-solar.de
http://www.aleo-solar.de
Geschäftsführer/Management Board: York zu Putlitz, Dr. Jens Sabotke, Norbert Schlesiger
Sitz der Gesellschaft/Registered Office: Oldenburg (Oldb), Germany
Handelsregister/Companies´ Register: Oldenburg, Germany, HRB 4947
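
Added example, not part of the original post and not FreeRADIUS code: a lowercased lookup key can only match usersfile entries whose names are stored in the same lowercase form, so this sketch rewrites entry names in a "users"-layout file to lowercase hyphen-separated MACs and reports entries that collapse to the same address. The function names and the sample file are constructed for illustration, and the accepted MAC spellings are an assumption about what switches send.

```python
import re

# Constructed sample in FreeRADIUS "users" file layout (not the poster's file).
SAMPLE_USERS = (
    "# authorized_macs (constructed sample)\n"
    "00-17-42-1C-44-68\n"
    "\tReply-Message = \"constructed reply item\"\n"
    "\n"
    "0017.421C.446A Auth-Type := Accept\n"
    "00:17:42:1c:44:68\n"
    "DEFAULT Auth-Type := Reject\n"
)

# Accepted spellings: aa-bb-cc-dd-ee-ff, aa:bb:cc:dd:ee:ff, aabbccddeeff, aabb.ccdd.eeff.
# The back-reference \1 rejects mixed separators such as 00-17:42-...
_MAC = re.compile(
    r"[0-9a-f]{2}([-:]?)(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
    r"|[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
)

def canonical_mac(text):
    """Return the lowercase hyphen-separated form, or None if not a MAC."""
    lowered = text.strip().lower()
    if not _MAC.fullmatch(lowered):
        return None
    digits = re.sub(r"[-:.]", "", lowered)
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def normalize_users_file(text):
    """Canonicalize entry names; return (new_text, macs_seen_more_than_once)."""
    seen, duplicates, out = set(), [], []
    for line in text.splitlines():
        # Entry names start in column 0; indented lines are reply items.
        entry = re.match(r"(\S+)(.*)", line)
        if entry and not line.startswith("#"):
            mac = canonical_mac(entry.group(1))
            if mac is not None:
                if mac in seen:
                    duplicates.append(mac)
                seen.add(mac)
                line = mac + entry.group(2)
        out.append(line)
    return "\n".join(out) + "\n", duplicates

if __name__ == "__main__":
    new_text, duplicates = normalize_users_file(SAMPLE_USERS)
    print(new_text, end="")
    print("duplicate entries after normalization:", duplicates)
```

Entries reported as duplicates differ only in case or separator in the source file and should be merged by hand, since they may carry different check or reply items.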