RAD_REQUEST: Calling-Station-Id = ARRAY(0x825a588)
Thomas Zenz
thomas.zenz at oenb.at
Thu Jan 8 10:55:51 CET 2015
Just for Info.
We are running freeradius-2.2.0. We are using 802.1x on Cisco switches
with MAB (MAC Authentication Bypass).
In the beginning we used the sql module to put the clients into their
VLAN using MAB.
Now we use certificates and the client info to decide where we put the port.
Because we get no info on whether the client is using 802.1x or MAB, I check with
the Perl script whether the Calling-Station-Id equals the Stripped-User-Name.
After an update in Win7 or using the debugging option in Windows:
# netsh ras set tracing * enable/disable
# Logs: C:\Windows\tracing
# - Explorer_RASTLS.log
# - svchost_RASTLS.log
The authorization was running fine during a Windows boot. One moment
before the logon prompt is shown, Windows makes a last
reauthentication, or link down/up.
This session has as Calling-Station-Id an ARRAY. So my script failed,
and the Port was set to the MAB VLAN where clients only get Updates or
PXE Boot.
With Help of the Script from <Ana Gallardo Gómez> I created this script.
Feel free to use it:
# Fragment from the rlm_perl script; %RAD_REQUEST is filled in by rlm_perl.
# Needed for syslog() if the surrounding script does not already load it.
use Sys::Syslog qw(syslog);

my $Client_REQ_TYPE = "";
my $VLAN = "";
my $CSI = "";
my $req;
my @array;
if (exists $RAD_REQUEST{'Calling-Station-Id'} && defined $RAD_REQUEST{'Calling-Station-Id'}) {
    $req = $RAD_REQUEST{'Calling-Station-Id'};
    # RAD request value is an array reference.
    if (ref($req) eq "ARRAY") {
        foreach (@{$req}) {
            #print ("\nCSId: $_");
            $CSI = lc($_);          # the last value wins
            push(@array, $_);
        }
        # @array in numeric context is the entry count;
        # $#array is the last index (count - 1), so it must not be used as a count.
        if (@array == 1) {
            # everything OK, one entry
            ;
        }
        elsif (@array > 1) {
            syslog('info', "More than one Calling-Station-Id");
            print "\n";
            print @array;
            print "\n";
        }
        else {
            syslog('info', "No Calling-Station-Id");
        }
    }
    unless (ref($req)) {
        # not an array, simply a scalar
        $CSI = lc($req);
        print ("\nCSId End: $req");
    }
}
our $SessionIdentifier;
$CSI =~ s/-//g;
# Fall back to an empty string if the attribute is missing.
my $SUID = lc($RAD_REQUEST{'Stripped-User-Name'} // '');
#syslog('info', "CSI: $CSI");
#syslog('info', "SUID: $SUID");
print "CSI: $CSI\n";
print "SUID: $SUID\n";
print "--------------CallerID VLan---------------\n";
# String comparison: "==" would compare the numeric values of both strings.
if ($CSI eq $SUID) {
    $Client_REQ_TYPE = "MAB";
    syslog('info', "MAB Request $SUID");
} else {
    $Client_REQ_TYPE = "dot1x";
    syslog('info', "802.1X Authentication $SUID");
}
Have Fun
Tom
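
Added example, not part of the original post and not FreeRADIUS code: the same MAB versus 802.1X check written as a standalone Perl function that can be run outside rlm_perl against constructed requests. It goes beyond the script above by accepting other MAC separators and by returning 'unknown' when the Calling-Station-Id is missing, malformed or carries two different MACs; the names normalize_mac and classify_request and all sample values are assumptions.

```perl
use strict;
use warnings;

# Reduce a MAC address to 12 lowercase hex digits, or return undef.
sub normalize_mac {
    my ($value) = @_;
    return undef unless defined($value) && !ref($value);
    (my $hex = lc $value) =~ s/[-:.]//g;
    return $hex =~ /\A[0-9a-f]{12}\z/ ? $hex : undef;
}

# Hypothetical helper: takes a hash shaped like %RAD_REQUEST and returns
# 'MAB', 'dot1x' or 'unknown'. The caller decides what 'unknown' maps to.
sub classify_request {
    my ($request) = @_;
    my $raw    = $request->{'Calling-Station-Id'};
    my @values = ref($raw) eq 'ARRAY' ? @$raw : defined($raw) ? ($raw) : ();

    # Repeats of one MAC are accepted; two different MACs are not.
    my %macs;
    for my $value (@values) {
        my $mac = normalize_mac($value);
        return 'unknown' unless defined $mac;
        $macs{$mac} = 1;
    }
    return 'unknown' unless keys(%macs) == 1;
    my ($mac) = keys %macs;

    # A user name that is not a MAC at all can never be a MAB request.
    my $user = normalize_mac($request->{'Stripped-User-Name'});
    return (defined($user) && $user eq $mac) ? 'MAB' : 'dot1x';
}

# Constructed sample requests, not taken from a real capture.
my @samples = (
    [ 'scalar, MAB'          => { 'Calling-Station-Id' => '00-11-22-AA-BB-CC', 'Stripped-User-Name' => '001122aabbcc' } ],
    [ 'array ref, one value' => { 'Calling-Station-Id' => ['00-11-22-AA-BB-CC'], 'Stripped-User-Name' => 'host/pc01.example.org' } ],
    [ 'array ref, same MAC'  => { 'Calling-Station-Id' => ['00-11-22-AA-BB-CC', '0011.22aa.bbcc'], 'Stripped-User-Name' => '001122aabbcc' } ],
    [ 'array ref, two MACs'  => { 'Calling-Station-Id' => ['00-11-22-AA-BB-CC', '00-11-22-AA-BB-DD'], 'Stripped-User-Name' => '001122aabbcc' } ],
    # With "==" this pair would compare equal, because both strings have the numeric value 0.
    [ 'non-numeric strings'  => { 'Calling-Station-Id' => 'AA-BB-CC-DD-EE-FF', 'Stripped-User-Name' => 'host/pc01.example.org' } ],
    [ 'attribute missing'    => { 'Stripped-User-Name' => '001122aabbcc' } ],
);
printf "%-22s %s\n", $_->[0], classify_request($_->[1]) for @samples;
```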