Hello, We are using freeradius to do authentication on username/password as well as MAC Address. Users are stored in an LDAP directory and authenticating using an LDAP bind (with EAP-TTLS/PAP) and using the checkItem to check the Calling-Station-Id (MAC). I had everything working well without the MAC Address verification and then tested that part with radclient. The problem I am having is that when our NAS (a Nortel Business Policy Switch 2000) sends the MAC address it cuts out the leading zero in each byte of the MAC Address (for example, 00-03-D2-C7-03-21 becomes 0- 3-D2-C7- 3-21). I don't manage the LDAP directory, that is part of another project but I had the schema extended to include radiusCallingStationId and had the value set to MAC address with the missing zeros. When this is read by freeRadius it only reads 0- and exlcudes the rest (I assume because of the space). Is this because the schema includes the SINGLE-VALUE for the radiusCallingStationId? When I do an ldapsearch, the full value is returned.
As a work around I was thinking of using the exec module to run a sed substitution to replace the blanks with zeros and then the normal MAC could be stored in the directory. Is this possible? If so, where would I put the exec statement? I would assume it would look like Calling-Station-Id = `%{exec:sed s/" "/0/g [someway to get input Calling-Station-Id]}`. I am confued where exec works. Are there any other options to resolve me problem? -Al - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html