It's the section for the sites/default file that makes mac auth work. Honestly, I'm new at this. I used the stock pollicy that came with the Debian package, and just tacked on the the rewrite station ID at the end, before the last "}"
If I where you, I'd start from scratch, and follow the wiki page, it should be correct now. I just got lucky in noticing typos. -Joren On Mon, Apr 11, 2011 at 4:09 AM, syharash <[email protected]> wrote: > Joren, > > This is how my policy looks, could you please let me know what changes do i > need to make, to make the mac-authentication work; > > policy { > # > # Rewrite called station id attribute into a standard format. > # > rewrite_calling_station_id { > if(request:Calling-Station-Id =~ > > /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){ > update request { > Calling-Station-Id := > "%{1}-%{2}-%{3}-%{4}-%{5}-%{6}" > } > } > else { > noop > } > } > # > # Forbid all EAP types. > # > forbid_eap { > if (EAP-Message) { > reject > } > } > > # > # Forbid all non-EAP types outside of an EAP tunnel. > # > permit_only_eap { > if (!EAP-Message) { > # We MAY be inside of a TTLS tunnel. > # PEAP and EAP-FAST require EAP inside of > # the tunnel, so this check is OK. > # If so, then there MUST be an outer EAP message. > if (!"%{outer.request:EAP-Message}") { > reject > } > } > } > > # > > also my /etc/raddb/users file looks like this; > > DEFAULT > Tunnel-Type = VLAN, > Tunnel-Medium-Type = IEEE-802, > Service-Type = Framed-User, > Fall-Through = Yes > > 00-1F-3C-D1-2B-6C > User-Name = "subhash", > Cleartext-Password = "sub@1979", > Tunnel-Private-Group-ID = "17" > > > -- > View this message in context: > http://freeradius.1045715.n5.nabble.com/Mac-Authorization-tp4287256p4295664.html > Sent from the FreeRadius - User mailing list archive at Nabble.com. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
