UNCLASSIFIED
______________________________
From:
[EMAIL PROTECTED]
g
[mailto:[EMAIL PROTECTED]
adius.org] On Behalf Of MONTFORD, AUSTIN
Sent: Friday, 16 May 2008 07:31
To: freeradius-users@lists.freeradius.org
Subject: Cisco Mac-Auth-Bypass with Freeradius 2.0.4
Hey,
I just got this working on a test server finally using the users
file and have a quick question. I was wondering is there a way where I
don't have to type the last 3 lines of this everytime in my users file?
I was thinking of using some kind of setup with a seperate file for each
vlan containing only the first statement (with the mac address as the
user/pass). Then $include each vlanfile in the users file with
freeradius appending the correct tunnel statements depending on what
vlanfile the mac address was in. Anyways I haven't quite wrapped my
head around the syntax to do this or am sure this is the best way. If
someone has any advice that would be great.
123400000000 Cleartext-Password := "123400000000"
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802"
Tunnel-Private-Group-Id =
"Students"
By the way Freeradius rocks!
Thanks,
Austin
There is a couple of ways to do this.
1. Use groups.
2. Use Fall-Through and group you users file.
Example:
# Set boilerplate text
DEFAULT
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802",
Fall-Through = True
# Staff systems
DEFAULT
Tunnel-Private-Group-Id := "Staff",
Fall-Through = True
$INCLUDE staff.users
# Student systems
DEFAULT
Tunnel-Private-Group-Id := "Students",
Fall-Through = True
$INCLUDE student.users
...
DEFAULT Auth-Type:=reject
Student.users would have lines like:
123400000000 Cleartext-Password := "123400000000"
123500000000 Cleartext-Password := "123500000000"
and could be generated by a script.
Regards,
Frank Ranner
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
