Hi,

> If I use AD or SQL, can I write a script to accomplish the logic I need so I
> don't have to type in each individual MAC as UN/PW in the database? It still
> sounds like I need to (for example in AD) manually input each of them in the
> database. Can you please give me details about how to implement it in this
> case?

For using AD - not without difficulty, because it will want both bits. You could use FreeRADIUS itself and a bit of unlang... for example, if you really don't care about the actual MAC address? In which case you could use unlang to check if it's a MAC address... and that it's come from a particular group of switches, e.g. something like

    authorize {
        # User-Name must be exactly 12 hex digits (a bare MAC) and the
        # request must come from a NAS in the MAB-switches huntgroup
        if ("%{User-Name}" =~ /^[0-9a-f]{12}$/i && "%{Huntgroup-Name}" == "MAB-switches") {
            update control {
                Auth-Type := MAB
            }
            ok = return
        }
    }

    authenticate {
        Auth-Type MAB {
            ok
        }
    }

You can then add the bits into unlang for post-auth for returning the correct VLAN. With older MAB you could do simple User-Name == Cleartext-Password - but with MD5 now in play I think you then enter the world of Perl or Python on the FR box to deal with that.

PS my example was just roughly typed up - there may well be errors and it'll only work if you've got e.g.

    MAB-switches    NAS-IP-Address == 172.16.1.4
    MAB-switches    NAS-IP-Address == 172.16.1.5
    MAB-switches    NAS-IP-Address == 172.16.1.6

in the raddb/huntgroups file (and ensure the preprocess module is called before the unlang in the authorize section!)

alan
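
The post-auth step mentioned above, sketched as an added example (not part of the original message and not the poster's own configuration). It assumes the request was tagged with Auth-Type MAB as in the reply; the VLAN ID "99" is a constructed placeholder for whatever restricted VLAN the site uses for MAC-only devices.

```unlang
post-auth {
    # Only touch requests that were accepted through the MAB path;
    # 802.1X users authenticated by other modules are left alone.
    if ("%{control:Auth-Type}" == "MAB") {
        update reply {
            # Standard RFC 3580 attribute triple for dynamic VLAN assignment
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            # Constructed placeholder: a restricted VLAN for MAB devices
            Tunnel-Private-Group-Id := "99"
        }
    }
}
```

Because this MAB check accepts any 12-hex-digit name from the listed switches, the VLAN returned here is the only control on what such a device can reach, so it should be one with limited access.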