Hi. I'm still having a hard time implementing the Calling-Station-Id authentication. The basis is a Cisco Catalyst with "Mac-Authentication-Bypass" turned on.
Alan DeKok told me that I can use sql.conf:

# Use Stripped-User-Name, if it's there.
# Else use User-Name, if it's there,
-->># Else use hard-coded string "DEFAULT" as the user name.<<--
sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"

to tell freeradius that there is no user-name. OK, I've done that, but it gives me this error:

rad_recv: Access-Request packet from host 192.168.1.222:1038, id=13, length=45
        Service-Type = Call-Check
        Calling-Station-Id = "11-22-33-44-55-66"
-->> rlm_sql (sql): zero length username not permitted <<--

That's basically the same packet the Cisco switch sends as Auth-Request. Notice that there is NO user-name in here at all. The fact is also mentioned in the sql source code:

/*
 *      They MUST have a user name to do SQL authorization.
 */
if ((request->username == NULL) ||
    (request->username->length == 0)) {
        radlog(L_ERR, "rlm_sql (%s): zero length username not permitted\n",
               inst->config->xlat_name);
        return RLM_MODULE_INVALID;
}

Switching to "file-based-Authentication" (in radiusd.conf), it works immediately:

rad_recv: Access-Request packet from host 192.168.1.222:1044, id=19, length=45
        Service-Type = Call-Check
        Calling-Station-Id = "11-22-33-44-55-66"
Sending Access-Accept of id 19 to 192.168.1.222:1044
        Reply-Message = "Hello"

So, it's really a limitation in sql, rather than a misconfiguration? Would be nice if anyone can confirm this!

Bye
Flo
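
Added example, not part of the original post and not FreeRADIUS code: a small Python model of the sql_user_name fallback expansion and of the username check quoted above, run against the Call-Check packet from the log. It assumes that request->username corresponds to the User-Name attribute and that the check runs before sql_user_name is expanded, which is consistent with the error shown; the function names are hypothetical.

```python
# Simplified model (an assumption, not the rlm_sql implementation).
SQL_USER_NAME = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"

def _match_brace(s, open_idx):
    """Return the index of the '}' closing the '{' at open_idx."""
    depth = 0
    for j in range(open_idx, len(s)):
        if s[j] == "{":
            depth += 1
        elif s[j] == "}":
            depth -= 1
            if depth == 0:
                return j
    raise ValueError("unbalanced %{...}")

def expand(template, attrs):
    """Expand %{Attr} and %{Attr:-fallback}; fallbacks may nest."""
    out, i = [], 0
    while i < len(template):
        if template.startswith("%{", i):
            end = _match_brace(template, i + 1)
            name, sep, fallback = template[i + 2:end].partition(":-")
            value = attrs.get(name, "")
            if not value and sep:
                # Attribute missing or empty: use the fallback expression.
                value = expand(fallback, attrs)
            out.append(value)
            i = end + 1
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

def sql_authorize(attrs):
    """Model of the quoted check followed by the sql_user_name expansion."""
    # Assumed order: the request's own User-Name is tested first, so a
    # packet without one is rejected before the DEFAULT fallback is used.
    if not attrs.get("User-Name"):
        return "RLM_MODULE_INVALID", None
    return "RLM_MODULE_OK", expand(SQL_USER_NAME, attrs)

# Constructed from the debug output in the post: no User-Name attribute.
MAB_REQUEST = {"Service-Type": "Call-Check",
               "Calling-Station-Id": "11-22-33-44-55-66"}

if __name__ == "__main__":
    print(expand(SQL_USER_NAME, MAB_REQUEST))  # the fallback alone works
    print(sql_authorize(MAB_REQUEST))          # but the check fires first
```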