802.1x MAB

Matthew Newton mcn at freeradius.org
Mon Jan 29 12:00:30 CET 2018

On Mon, 2018-01-29 at 10:37 +0000, Tony Gottfridsson wrote:
> 9cebe82ae8eeCleartext-Password := "9cebe82ae8ee"

The "check" data.

> Tunnel-Type = VLAN,
> Tunnel-Medium-Type = IEEE-802,
> Tunnel-Private-Group-ID = 10

The "reply" data.

> authorize_check_query string currently returns:
> id,username,attribute,value,op
> 1,9c:eb:e8:2a:e8:ee,Cleartext-Password,9c:eb:e8:2a:e8:ee,:=
> 2,9c:eb:e8:2a:e8:ee,Tunnel-Type,VLAN,=
> 3,9c:eb:e8:2a:e8:ee,Tunnel-Medium-Type,IEEE-802,=
> 4,9c:eb:e8:2a:e8:ee,Tunnel-Private-Group-ID,99,=

Which isn't all "check" data.

> To me this is almost exactly a "mirror of the users file content".

Yes, almost.

> The query config files talks about ${authreply_table}. Well then it
> seems using sql it's not just to mirror the "users" file, there is
> something else needed that the "users" files doesn't need, what data
> do I need to have in authreply_table to enable the same functionality
> as the working poc

Put the check data in the check table and the reply data in the reply

Colons in the MAC address do matter, too. "9c:eb:e8:2a:e8:ee" returned
from the database won't match "9cebe82ae8ee" in the RADIUS packet. You
need to make sure it's the same.


More information about the Freeradius-Users mailing list