Allow all MAC address
mat.marius at yahoo.com
Tue Nov 29 12:41:48 UTC 2022
What we do whenever we get a new device is connect it for
deployment to some static access ports.
All those ports have access only to the SCCM infrastructure.
But indeed, it seems a more convenient solution to return a static VLANID
for devices not allowed in Radius.
On 10/20/22 13:50, Alan Buxey wrote:
> Hi
>
> There are hundreds of ways that it could be done, Alan gave you one place
> and recipe to make it clear/safe. You just need to configure your
> requirements.
>
> Another option would be to have the fail VLAN work with your software, i.e.
> have the fail VLAN have enough IP (DHCP etc.) and access to the servers
> for image deploy.
>
> On Thu, 20 Oct 2022, 08:11 Pascal Legrand, <pascal.legrand at univ-orleans.fr>
> wrote:
>
>> Hello and thank you for your answer,
>> Is there a simpler solution to allow all stations to access the
>> network punctually?
>> Authorize punctually all MAC addresses?
>>
>> Thanks again
>> Pascal
>>
>> On 19/10/2022 at 15:55, Alan DeKok wrote:
>>> On Oct 19, 2022, at 9:48 AM, Pascal Legrand <
>> pascal.legrand at univ-orleans.fr> wrote:
>>>> I use freeradius to limit the access to our network by filtering MAC
>> address:
>>>> XXXXXXXXXXXX Cleartext-Password := "XXXXXXXXXXXX", Machine-Name :=
>> "COMPUTER_1"
>>> OK.
>>>
>>>> When we receive new computers, we use the FOG software to deploy a
>> clean image on all new computers.
>>>> The problem is that we have not yet set up Freeradius to allow these
>> new computers to access our network.
>>>> My question is the following: is it possible to authorize punctually
>> all MAC addresses to access the network while we recover them to configure
>> Freeradius?
>>> Yes.
>>>
>>>> The idea would be to add a line like :
>>>> ALL_MAC_ADDRESS Cleartext-Password := "ALL_MAC_ADDRESS", Machine-Name
>> := "NEW_MACHINE"
>>>> Does Freeradius allow regular expressions in its configuration file?
>>> The documentation for the "files" module says how it works. It
>> doesn't support regular expressions here.
>>> But "unlang" does.
>>>
>>>> If yes, what should be the form of this regular expression?
>>> We don't document how regular expressions work. There is a lot of
>> documentation elsewhere on the net for that.
>>> What you can do in FreeRADIUS is something like this:
>>>
>>> authorize {
>>>     ...
>>>     files
>>>     if (notfound) {
>>>         #
>>>         # All MAC auth has this
>>>         #
>>>         if (User-Name != User-Password) {
>>>             reject
>>>         }
>>>
>>>         #
>>>         # Check the *format* of MAC auth
>>>         #
>>>         if (User-Name !~ /stuff/) {
>>>             reject
>>>         }
>>>
>>>         # ... else it's an actual MAC auth, do something
>>>     }
>>> }
>>>
>>> The "stuff" in the regular expression line is what you'll have to
>> write. We can't really advise how to do that here, as (a) different
>> vendors have randomly different formats for MAC auth, and (b) regular
>> expressions are well documented in many places all over the net.
>>> Alan DeKok.
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>> --
>> Pascal Legrand
>> Service Informatique
>> 1, place Roger Joly 28000 Chartres
>> 02 37 91 83 36
>>
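The decision flow discussed in this thread (known MAC, otherwise a strict MAC-auth check before handing out a restricted deployment VLAN), as an added Python example that is not code from the thread or from FreeRADIUS. It can be used to test a candidate format pattern against the User-Name values your switches send before writing the unlang regex. The accepted MAC spellings, the `known_macs` set standing in for the "files" lookup, and VLAN ID "999" are assumptions.

```python
import re

# Assumed vendor spellings of a MAC in User-Name; adjust to what your NAS sends.
MAC_FORMATS = re.compile(
    r"[0-9a-f]{12}"                      # 001122aabbcc
    r"|[0-9a-f]{2}(?::[0-9a-f]{2}){5}"   # 00:11:22:aa:bb:cc
    r"|[0-9a-f]{2}(?:-[0-9a-f]{2}){5}"   # 00-11-22-aa-bb-cc
    r"|[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}",  # 0011.22aa.bbcc
    re.IGNORECASE,
)

DEPLOY_VLAN = "999"  # constructed placeholder for the restricted deployment VLAN


def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC.

    fullmatch() is used so that trailing data (including a newline, which
    a '$' anchor would tolerate) makes the value invalid.
    """
    if not MAC_FORMATS.fullmatch(value):
        return None
    return re.sub(r"[^0-9a-f]", "", value.lower())


def authorize(user_name, user_password, known_macs):
    """Return (decision, vlan) for one request.

    known_macs stands in for the "files" module: exact User-Name keys whose
    expected password equals the MAC, as in the users file shown above.
    """
    if user_name in known_macs:
        # Registered machine: normal access if the password matches.
        if user_password == user_name:
            return ("accept", None)
        return ("reject", None)

    # Not found: only genuine MAC auth may fall through to the deploy VLAN.
    if user_name != user_password:
        return ("reject", None)          # a real user login, not MAC auth
    if normalize_mac(user_name) is None:
        return ("reject", None)          # name == password but not a MAC
    return ("accept", DEPLOY_VLAN)       # unknown device, restricted VLAN
```

Requests that are not well-formed MAC auth are rejected rather than placed in the deployment VLAN, so the fallback does not become a way around normal user authentication.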