Hello,
We are using freeradius to do authentication on username/password as well as MAC
Address. Users are stored in an LDAP directory and authenticating using an LDAP bind
(with EAP-TTLS/PAP) and using the checkItem to check the Calling-Station-Id (MAC). I
had everything working well without the MAC Address verification and then tested that
part with radclient. The problem I am having is that when our NAS (a Nortel Business
Policy Switch 2000) sends the MAC address it cuts out the leading zero in each byte of
the MAC Address (for example, 00-03-D2-C7-03-21 becomes 0- 3-D2-C7- 3-21). I don't
manage the LDAP directory, that is part of another project but I had the schema
extended to include radiusCallingStationId and had the value set to MAC address with
the missing zeros. When this is read by freeRadius it only reads 0- and exlcudes the
rest (I assume because of the space). Is this because the schema includes the
SINGLE-VALUE for the radiusCallingStationId? When I do an ldapsearch, the full value
is returned.
As a work around I was thinking of using the exec module to run a sed substitution to
replace the blanks with zeros and then the normal MAC could be stored in the directory.
Is this possible? If so, where would I put the exec statement? I would assume it
would look like Calling-Station-Id = `%{exec:sed s/" "/0/g [someway to get input
Calling-Station-Id]}`. I am confued where exec works.
Are there any other options to resolve me problem?
-Al
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
