[authorized_macs.authorize] returns noop
Phil Mayers
p.mayers at imperial.ac.uk
Fri Jan 7 01:02:40 CET 2011
On 01/06/2011 05:48 PM, Alexander Clouter wrote:
>> We *actually* abuse Postgres' macaddr datatype by doing this:
>>
> Goddamnit, first I discover all the CIDR bits and think how great that
> is, but I never thought to look if there was a MAC address one.
Be sure to checkout:
trunc('00:11:22:33:44:55')='00:11:22:00:00:00'
Useful for OUI lookups if you combine it with an import of the "manuf"
file from wireshark.
>
>> update request {
>> Calling-Station-Id = "%{sql:select '%{Calling-Station-Id}'::macaddr}"
>> }
>>
> Not quite there, but it could be IC's entry for the DWTF? ;P
>
> On a serious note, that is going to be a ballache if your SQL server
> goes walkies...
The SQL server runs locally on each radius server, holding a read-only
replica of the main DB. If the SQL server goes away, the radius server
can't do anything useful anyway (all mac->vlan lookups require the SQL
to be working)
We used to use an rlm_passwd map, but the SQL is just too useful. I
concentrate on making sure that anything which kills the SQL server
would have rendered the whole radius server useless anyway.
More information about the Freeradius-Users
mailing list