Allow all MAC address

Alan Buxey alan.buxey at gmail.com
Thu Oct 20 10:50:19 UTC 2022 

Hi

There are hundreds of ways that it could be done,  Alan gave you one place
and recipe to make it clear/safe. You just need to configure your
requirements.

Another option would be to have the fail VLAN work with your software  ie
have the fail vlan have enough IP (DHCP etc,  ) and access to the servers
for image deploy.

On Thu, 20 Oct 2022, 08:11 Pascal Legrand, <pascal.legrand at univ-orleans.fr>
wrote:

> Hello and thank you for your answer,
> Is there a solution more simlpe to allow all stations to access the
> network punctually?
> Authorize punctually all MAC addresses?
>
> Thanks again
> Pascal
>
> Le 19/10/2022 à 15:55, Alan DeKok a écrit :
> > On Oct 19, 2022, at 9:48 AM, Pascal Legrand <
> pascal.legrand at univ-orleans.fr> wrote:
> >> I use freeradius to limit the access to our network by filtering MAC
> address:
> >> XXXXXXXXXXXX Cleartext-Password := "XXXXXXXXXXXX", Machine-Name :=
> "COMPUTER_1"
> >
> >    OK.
> >
> >> When we receive new computers, we use the FOG software to deploy a
> clean image on all new computers.
> >> The problem is that we have not yet set up Freeradius to allow these
> news computers to access our network.
> >> My question is the following: is it possible to authorize punctually
> all MAC addresses to access the network while we recover them to configure
> Freeradius?
> >
> >    Yes.
> >
> >> The idea would be to add a line like :
> >> ALL_MAC_ADDRESS Cleartext-Password := "ALL_MAC_ADDRESS", Machine-Name
> := "NEW_MACHINE"
> >> Does Freeradius allow regular expressions in its configuration file?
> >
> >    The documentation for the "files" module says how it works.  It
> doesn't support regular expressions here.
> >
> >    But "unlang" does.
> >
> >> If yes, what should be the form of this regular expression?
> >
> >    We don't document how regular expressions work.  There is a lot of
> documentation elsewhere on the net for that.
> >
> >    What you can do in FreeRADIUS is something like this:
> >
> > authorize {
> >       ...
> >       files
> >       if (notfound) {
> >               #
> >               #  All MAC auth has this
> >               #
> >               if (User-Name != User-Password) {
> >                       reject
> >               }
> >
> >               #
> >               #  Check the *format* of MAC auth
> >               #
> >               if (User-Name !~ /stuff/) {
> >                       reject
> >               }
> >
> >               ... else it's an actual MAC auth, do something
> >       }
> >
> >    The "stuff" in the regular expression line is what you'll have to
> write.  We can't really advise how to do that here, as (a) different
> vendors have randomly different formats for MAC auth, and (b) regular
> expressions are well documented in many places all over the net.
> >
> >    Alan DEKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> --
> Pascal Legrand
> Service Informatique
> 1, place Roger Joly 28000 Chartres
> 02 37 91 83 36
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list