Thanks a lot! That worked.

-Vineet


Phil Mayers wrote:
Vineet Verma wrote:
Hi,
I have been able to configure FreeRadius to successfully authenticate a client based on the MAC address with entries like:

00-0c-41-5f-91-4b Auth-Type := Local, User-Password == "00-0c-41-5f-91-4b"
       Acct-Interim-Interval = 60

Is there any way to configure it so I don't have to list every client? For example can I have some kind of glob as follows, say for all clients with OUI 00-0c-41:

00-0c-41-* Auth-Type := Local, User-Password == "00-0c-41-5f-91-4b"
       Acct-Interim-Interval = 60

If not, how do I do something like this?

Try:

DEFAULT    User-Name =~ "00-0c-41-..-..-..", Auth-Type := Accept
    Acct-Interim-Interval = 60

If this is a multi-NAS server (e.g. dialup+802.1x+macauth) you'll want to put more checks on the first line e.g. NAS-Port-Type == Ethernet, Huntgroup-Name == "mac-auth-switches" to avoid the minor security hole of a user on the other NASes being able to set their username to a MAC address.


Thanks,
Vineet

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to