Allow all MAC address
Pascal Legrand
pascal.legrand at univ-orleans.fr
Thu Oct 20 07:11:16 UTC 2022
Hello and thank you for your answer,
Is there a solution more simlpe to allow all stations to access the
network punctually?
Authorize punctually all MAC addresses?
Thanks again
Pascal
Le 19/10/2022 à 15:55, Alan DeKok a écrit :
> On Oct 19, 2022, at 9:48 AM, Pascal Legrand <pascal.legrand at univ-orleans.fr> wrote:
>> I use freeradius to limit the access to our network by filtering MAC address:
>> XXXXXXXXXXXX Cleartext-Password := "XXXXXXXXXXXX", Machine-Name := "COMPUTER_1"
>
> OK.
>
>> When we receive new computers, we use the FOG software to deploy a clean image on all new computers.
>> The problem is that we have not yet set up Freeradius to allow these news computers to access our network.
>> My question is the following: is it possible to authorize punctually all MAC addresses to access the network while we recover them to configure Freeradius?
>
> Yes.
>
>> The idea would be to add a line like :
>> ALL_MAC_ADDRESS Cleartext-Password := "ALL_MAC_ADDRESS", Machine-Name := "NEW_MACHINE"
>> Does Freeradius allow regular expressions in its configuration file?
>
> The documentation for the "files" module says how it works. It doesn't support regular expressions here.
>
> But "unlang" does.
>
>> If yes, what should be the form of this regular expression?
>
> We don't document how regular expressions work. There is a lot of documentation elsewhere on the net for that.
>
> What you can do in FreeRADIUS is something like this:
>
> authorize {
> ...
> files
> if (notfound) {
> #
> # All MAC auth has this
> #
> if (User-Name != User-Password) {
> reject
> }
>
> #
> # Check the *format* of MAC auth
> #
> if (User-Name !~ /stuff/) {
> reject
> }
>
> ... else it's an actual MAC auth, do something
> }
>
> The "stuff" in the regular expression line is what you'll have to write. We can't really advise how to do that here, as (a) different vendors have randomly different formats for MAC auth, and (b) regular expressions are well documented in many places all over the net.
>
> Alan DEKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Pascal Legrand
Service Informatique
1, place Roger Joly 28000 Chartres
02 37 91 83 36
More information about the Freeradius-Users
mailing list