Mac-auth checking in sites-enabled/default

Tom Leach leach at coas.oregonstate.edu
Fri Jul 23 00:50:07 CEST 2010


I'm currently using Freeradius v2.1.9 and I'm trying to write a 
condition in the authorize section to use a different module depending 
on whether Mac-auth or someother auth is being called.
In reading the wiki (http://wiki.freeradius.org/Mac-Auth) it appears 
that I want to check (Chap-Password == hash(User-Name)) but I'm having a 
problem getting the unlang syntax correct.

So far, I've tried:
	if (Chap-Password == hash(User-Name)){
which fails with:
	Consecutive conditions at (User-Name))
	/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.

and:
	if (Chap-Password == hash %{request:User-Name}) {
which fails with:
	Consecutive conditions at %{request:User-Name})
	/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.

So, it appears that I'm having a fundamental failure to understand the 
conditional statements in unlang.  So, is the wiki old/out-of-date, just 
pseudo code, or is the hash function something that I need to write?

My NAS doesn't send a Service-Type and the Calling-Station-Id is in a 
different format that I can munge to get into the same format as 
User-Name, but I thought the hash option would be the quickest.

Thanks!
Tom Leach



More information about the Freeradius-Users mailing list