mac address format
Matthew Newton
mcn4 at leicester.ac.uk
Mon Jan 28 14:37:29 CET 2013
On Mon, Jan 28, 2013 at 02:17:04PM +0100, François Dagorn wrote:
> 062f68c7dcc2 Auth-type := Accept, User-Password == "062f68c7dcc2"
> .....
>
> but now the stations controlled by the new Cisco appears as follows
>
> 06:2f:68:c7:dc:c2
Security tab ->AAA -> RADIUS -> Authentication
MAC Delimiter can be set to "No delimiter"
> So my first idea was to duplicate entries in the authorized file included
> within my conf, unfortunantely it does not run.
>
> So, is there a simple way to force radiusd to accept different mac address format ?
You can use unlang like the following to 'fix up' the mac
addresses:
if ("%{request:Called-Station-Id}" =~ /^([0-9a-fA-F]{2}):?([0-9a-fA-F]{2})[:.]?([0-9a-fA-F]{2}):?([0-9a-fA-F]{2})[:.]?([0-9a-fA-F]{2}):?([0-9a-fA-F]{2})$/) {
update request {
Called-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
}
}
However - if you're trying to do wireless WPA and EAP with mac based auth, it's
not likely to go well...
> Sorry if this is a FAQ, of course I've not changed anything within my conf
> since 2009 !
You should upgrade. There have been security bugs fixed in 2.2.0.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list