Mac-auth checking in sites-enabled/default
Tom Leach
leach at coas.oregonstate.edu
Fri Jul 23 00:50:07 CEST 2010
I'm currently using Freeradius v2.1.9 and I'm trying to write a
condition in the authorize section to use a different module depending
on whether Mac-auth or someother auth is being called.
In reading the wiki (http://wiki.freeradius.org/Mac-Auth) it appears
that I want to check (Chap-Password == hash(User-Name)) but I'm having a
problem getting the unlang syntax correct.
So far, I've tried:
if (Chap-Password == hash(User-Name)){
which fails with:
Consecutive conditions at (User-Name))
/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.
and:
if (Chap-Password == hash %{request:User-Name}) {
which fails with:
Consecutive conditions at %{request:User-Name})
/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.
So, it appears that I'm having a fundamental failure to understand the
conditional statements in unlang. So, is the wiki old/out-of-date, just
pseudo code, or is the hash function something that I need to write?
My NAS doesn't send a Service-Type and the Calling-Station-Id is in a
different format that I can munge to get into the same format as
User-Name, but I thought the hash option would be the quickest.
Thanks!
Tom Leach
More information about the Freeradius-Users
mailing list