On 20.09.10 15:51, Alexander Clouter wrote:
PENZ Robert <[email protected]> wrote:
and I've different switch types. Some send the MAC address lower case
the others upper case. For switches which send it lower case it
works (as the macs are stored lower case in the db). How can I convert
them all in the clear text password attribute to lower case? The
attr_rewrite module looks good, but the only way I see is to have 6
rewrite rules each replacing one letter, but that seems inefficient.
The matching in the SQL Database works case insensitive and returns a
row but the pap check logs the following:

Do the mac-auth via unlang and not PAP.
----
policy {
   ...

   mac_auth {
     if (Realm == NULL && !(EAP-Message) && NAS-Port-Type == Ethernet \
                && Service-Type == Call-Check \
                && User-Name == "%{User-Password}" \
                && User-Name =~ /^[0-9a-f]{12}$/i \
                && Calling-Station-Id =~ /^([0-9a-f]{2})-([0-9a-f]{2})-([0-9a-f]{2})-([0-9a-f]{2})-([0-9a-f]{2})-([0-9a-f]{2})$/i \
                && User-Name =~ /^%{1}%{2}%{3}%{4}%{5}%{6}$/i) {
       ok
     }
     else {
       noop
     }
   }

   ...
}

authorize {
   ...

   mac_auth
   if (ok) {
     update control {
       Auth-Type := Accept
     }

     # 'handled' does not work here
     ok = return
   }

   ...
}
----

You might need to tweak the policy{} rule to meet your local needs; the
above is what I use for our Cisco switches.  You could tweak the above
so that 'mac_auth' sets 'Cleartext-Password = "%{User-Password}"' but
I personally cannot see the reason to bother when you can just skip
authenticate{} completely.

If you really do need to lowercase something, the only way to do it
really is to use 'exec' and call 'tr A-F a-f', nasty but it works.

Cheers

If you're using SQL then I would simply modify the SQL query to INSERT everything in lower case only PLUS to SELECT everything in lowercase only. You can simply modify those queries afaik. I just figured that as well and it made my life WAY easier - but I used it for my MailServer configuration - and it works perfectly - no matter whether it's PostgreSQL (which I'm using), or MySQL ... even others such as Oracle, etc. offer those functions.
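
Both suggestions in this thread (the 'exec' call to 'tr A-F a-f' and lowercasing on the SQL side) come down to normalising the MAC before it is compared. The following is an added example, not code from the thread or from FreeRADIUS: a helper of the kind 'exec' could call, which also rejects anything that is not a MAC address instead of passing it on. The function name normalize_mac and the sample addresses are assumptions.

```shell
#!/bin/sh
# normalize_mac: print a MAC address as 12 lowercase hex digits, or fail.
# Accepts the formats switches commonly send (constructed samples):
#   00-1A-2B-3C-4D-5E   00:1a:2b:3c:4d:5e   001A.2B3C.4D5E   001a2b3c4d5e
normalize_mac() {
    # Drop the usual separators, then fold A-F to a-f.
    # LC_ALL=C keeps tr byte-oriented regardless of the caller's locale.
    mac=$(printf '%s' "$1" | LC_ALL=C tr -d ':.-' | LC_ALL=C tr 'A-F' 'a-f')

    # Reject any character that is not a lowercase hex digit. The class is
    # spelled out so the check does not depend on locale collation.
    case "$mac" in
        *[!0123456789abcdef]*) return 1 ;;
    esac

    # A MAC address is exactly 48 bits, i.e. 12 hex digits.
    [ "${#mac}" -eq 12 ] || return 1

    printf '%s\n' "$mac"
}

# When run as a script with one argument, normalise it and exit non-zero
# on invalid input so the caller can treat that as a reject.
if [ "$#" -gt 0 ]; then
    normalize_mac "$1" || exit 1
fi
```

Storing the output of the same function in the database keeps both sides of the comparison in one canonical form.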


