mac address format

Matthew Newton mcn4 at leicester.ac.uk
Mon Jan 28 14:37:29 CET 2013


On Mon, Jan 28, 2013 at 02:17:04PM +0100, François Dagorn wrote:
> 062f68c7dcc2 Auth-type := Accept, User-Password == "062f68c7dcc2"
> .....
> 
> but now the stations controlled by the new Cisco appears as follows
> 
> 06:2f:68:c7:dc:c2

Security tab ->AAA -> RADIUS -> Authentication
 MAC Delimiter can be set to "No delimiter"

> So my first idea was to duplicate entries in the authorized file included
> within my conf, unfortunantely it does not run.
> 
> So, is there a simple way to force radiusd to accept different mac address format ?

You can use unlang like the following to 'fix up' the mac
addresses:

if ("%{request:Called-Station-Id}" =~ /^([0-9a-fA-F]{2}):?([0-9a-fA-F]{2})[:.]?([0-9a-fA-F]{2}):?([0-9a-fA-F]{2})[:.]?([0-9a-fA-F]{2}):?([0-9a-fA-F]{2})$/) {
  update request {
    Called-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
  }
}


However - if you're trying to do wireless WPA and EAP with mac based auth, it's
not likely to go well...

> Sorry if this is a FAQ, of course I've not changed anything within my conf
> since 2009 !

You should upgrade. There have been security bugs fixed in 2.2.0.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list