Alan, Thank you for the response. Was your first input:
"Don't set Auth-Type. User "Cleartext-Password := ...", not "User-Password == ..." a correction of what I am using or syntax to accomplish the unknown/known user issue? In other words which syntax takes care of the unknown users and which takes care of the known users? I am still unclear about how freeradius identifies and returns values for unknown users. Thank you, Brian -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, August 27, 2007 1:38 AM To: FreeRadius users mailing list Subject: Re: Freeradius, Cisco WLC, Mac address auth. Brian Ertel wrote: > I have freeradius working with a Cisco 2000 series controller. A > wireless client attempts to associate with a WAP the controller sends an > auth request to freeradius who sees the mac address of the user: > > 00:0e:35:1c:e0:52 Auth-Type := Local, User-Password == "testing" Don't set Auth-Type. User "Cleartext-Password := ...", not "User-Password == ..." > That puts the user in vlan 157, great, it works. So that is for a user > whose mac address is known. Now I'd like to work with unknown users. > The trouble is once one enable mac address filtering on the Cisco it > will alway call to radius. Is there away to allow all MAC addresses to > be accepted in the "users" config similar to the above? List all known MAC addresses first. Then, do: DEFAULT User-Name =~ "([0-9a-fA-F]:)5[0-9a-fA-F]", Auth-Type := Accept ... vlan stuff i.e. forcing acceptance or rejection of a user is one of the few times that setting Auth-Type is permitted. > That way I > could throw all unkown users into a restricted access vlan which > redirects them to a registration page which in turn takes their mac > address and injects it into freeradius thus making them a "known" user > and puts them in a normal access vlan... Yup. That's a common configuration. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
