[authorized_macs.authorize] returns noop

Phil Mayers p.mayers at imperial.ac.uk
Fri Jan 7 01:02:40 CET 2011

On 01/06/2011 05:48 PM, Alexander Clouter wrote:

>> We *actually* abuse Postgres' macaddr datatype by doing this:
> Goddamnit, first I discover all the CIDR bits and think how great that
> is, but I never thought to look if there was a MAC address one.

Be sure to checkout:


Useful for OUI lookups if you combine it with an import of the "manuf" 
file from wireshark.
>> update request {
>>    Calling-Station-Id = "%{sql:select '%{Calling-Station-Id}'::macaddr}"
>> }
> Not quite there, but it could be IC's entry for the DWTF? ;P
> On a serious note, that is going to be a ballache if your SQL server
> goes walkies...

The SQL server runs locally on each radius server, holding a read-only 
replica of the main DB. If the SQL server goes away, the radius server 
can't do anything useful anyway (all mac->vlan lookups require the SQL 
to be working)

We used to use an rlm_passwd map, but the SQL is just too useful. I 
concentrate on making sure that anything which kills the SQL server 
would have rendered the whole radius server useless anyway.

More information about the Freeradius-Users mailing list