Authorized Macs File
Alan DeKok
aland at deployingradius.com
Wed Apr 16 18:22:30 CEST 2014
Matthew Ceroni wrote:
> The issue is that I find myself constantly updating the file and
> restarting FreeRadius (this file is even maintained in SVN and pushed
> out via Puppet). Is there a way to query the data via LDAP?
Yes. Just write an LDAP query which returns the MAC. Then, use it in
FreeRADIUS.
    if (Calling-Station-Id != "%{ldap:...}") {
        reject
    }
Put the LDAP query into the ... portion. Be sure that the result of
the query is in the same format seen in Calling-Station-Id. If it
isn't, you'll have to re-write the string before comparing it to
Calling-Station-Id.
> The systems
> in question are registered to our AD server and a custom attribute field
> contains the MAC address. If I could dynamically pull this data it would
> make life much easier.
That's why FreeRADIUS allows you to dynamically pull the data from
LDAP. :)
Alan DeKok.
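
Added example, not part of the original message and not FreeRADIUS configuration: Python showing why the format caveat above matters, by canonicalising both values before the equality test and rejecting when the directory returns nothing. The function names and sample MAC addresses are constructed for illustration.

```python
import re

# Layouts commonly seen in Calling-Station-Id and directory attributes.
_LAYOUTS = (
    re.compile(r"^[0-9a-f]{2}([-:])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}$"),  # 00-1a-.. or 00:1a:..
    re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$"),              # 001a.2b3c.4d5e
    re.compile(r"^[0-9a-f]{12}$"),                                        # 001a2b3c4d5e
)


def canonical_mac(value):
    """Return the MAC as 12 lowercase hex digits, or None if it is not a MAC."""
    if not value:
        return None
    v = value.strip().lower()
    if not any(p.match(v) for p in _LAYOUTS):
        return None
    return re.sub(r"[-:.]", "", v)


def check(calling_station_id, ldap_value):
    """Reject unless both values parse and name the same MAC (fail closed)."""
    nas = canonical_mac(calling_station_id)
    directory = canonical_mac(ldap_value)
    if nas is None or directory is None:
        return "reject"
    return "ok" if nas == directory else "reject"


if __name__ == "__main__":
    # Constructed sample pairs: (Calling-Station-Id, value returned by LDAP).
    samples = [
        ("00-1A-2B-3C-4D-5E", "00:1a:2b:3c:4d:5e"),  # same MAC, different layout
        ("001a.2b3c.4d5e", "001A2B3C4D5E"),
        ("00-1A-2B-3C-4D-5E", "00:1a:2b:3c:4d:5f"),  # different MAC
        ("00-1A-2B-3C-4D-5E", ""),                    # no directory entry
    ]
    for csid, ldap in samples:
        raw = "ok" if csid == ldap else "reject"      # plain string comparison
        print(f"{csid!r:22} {ldap!r:22} raw={raw:6} canonical={check(csid, ldap)}")
```

The first two sample pairs are the same MAC in different layouts: a plain string comparison rejects them, while the canonical comparison accepts them.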