I'm trying to have freeradius authenticate MAC addresses or userids for wireless access points. I have the MAC addresses defined in the users file like this
00062518a9e6 User-Password == "00062518a9e6" and the userids authenticate their passwords against LDAP. What I'm seeing is even though the MAC address entry is found it, the LDAP server is also being asked about the MAC address, before the password is verified. I'd like for it not to do that since the LDAP server doesn't know about them. I've tried setting things like fall-through and that seems to only effect scanning the rest of the users file, and using regular expressions to match the format of MAC address and userids to force the auth-type with no luck. Does anyone have any other ideas I can try? rad_recv: Access-Request packet from host 10.255.200.1:1645, id=203, length=118 --- Walking the entire request list --- Waking up in 31 seconds... Threads: total/active/spare threads = 5/0/5 Thread 1 got semaphore Thread 1 handling request 0, (1 handled so far) User-Name = "00062518a9e6" User-Password = "00062518a9e6" Called-Station-Id = "000d.ed4c.fbcf" Calling-Station-Id = "0006.2518.a9e6" NAS-Port-Type = Virtual NAS-Port = 387 NAS-IP-Address = 10.255.200.1 NAS-Identifier = "ACCESSPOINT1" modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "00062518a9e6", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched 00062518a9e6 at 247 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for 00062518a9e6 radius_xlat: '(cn=00062518a9e6)' radius_xlat: 'ou=people,o=ul' ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to lserver.louisville.edu:389 rlm_ldap: bind as / to lserver.louisville.edu:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=users,o=ul, with filter (cn=00062518a9e6) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 0 modcall: group authorize returns ok for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [00062518a9e6] (from client NetworkManagement port 387 cli 0006.2518.a9e6) Sending Access-Accept of id 203 to 10.255.200.1:1645 Finished request 0 -- Hans K. Fiedler Information Technology Network Analyst Communications Services [EMAIL PROTECTED] 109 Miller Info Tech Center (502)852-7417 (Voice) University of Louisville (502)852-4508 (Fax) Louisville, Ky. 40292 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html