Thanks a lot! That worked.
-Vineet
Phil Mayers wrote:
Vineet Verma wrote:
Hi,
I have been able to configure FreeRadius to successfully
authenticate a client based on the MAC address with entries like:
00-0c-41-5f-91-4b Auth-Type := Local, User-Password ==
"00-0c-41-5f-91-4b"
Acct-Interim-Interval = 60
Is there any way to configure it so I don't have to list every
client? For example can I have some kind of glob as follows, say for
all clients with OUI 00-0c-41:
00-0c-41-* Auth-Type := Local, User-Password == "00-0c-41-5f-91-4b"
Acct-Interim-Interval = 60
If not, how do I do something like this?
Try:
DEFAULT User-Name =~ "00-0c-41-..-..-..", Auth-Type := Accept
Acct-Interim-Interval = 60
If this is a multi-NAS server (e.g. dialup+802.1x+macauth) you'll want
to put more checks on the first line e.g. NAS-Port-Type == Ethernet,
Huntgroup-Name == "mac-auth-switches" to avoid the minor security hole
of a user on the other NASes being able to set their username to a MAC
address.
Thanks,
Vineet
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html