[RADIATOR] Client MAC:xx-xx-xx-xx-xx-xx

Heikki Vatiainen hvn at open.com.au
Sat Apr 2 13:11:18 CDT 2011


On 03/29/2011 06:02 PM, Adam Bishop wrote:
> It seems that it was not being detected as the NAS is appending its SSID
> to the C-S-I.
> 
> Rather than using a hook, I have taken the line terminators out of the
> regex and it seems to give the intended behaviour (I don't really want to
> strip the AP name as it is useful metadata, though writing it to another
> attribute is an option (Real-Called-Station-ID?)).
> 
> I wonder if pulling the MAC out of C-S-I is something radiator should do
> by default regardless of its formatting as far as possible (adjusting the
> regex to pick up MACs "in-line", and allowing for - : and maybe . as
> separators), as it seems that most APs do append the SSID.

There is now a patch in the latest patch set for 4.7 that should pick up
the MAC when the SSID is there. It does not try to work with all
possible formats but it does allow the format recommended in RFC 3580:

  Client addresses in the form MAC:nn-nn-nn-nn-nn-nn now work
  even if the Called-Station-Id has the SSID of the AP appended
  as described in http://tools.ietf.org/html/rfc3580#section-3.20

> There are a number of limitations to using MAC client identification
> anyway (spoofing etc.) so I don't think changing this behaviour would
> cause any repercussions, as anyone who is using it _should_ understand its
> weaknesses.

Thanks!
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
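
An added example, not part of the original message and not Radiator's code (Radiator is written in Perl; this sketch is Python): it compares the three matching strategies discussed in this thread on a Called-Station-Id value, namely a fully anchored MAC, an unanchored "in-line" match, and the RFC 3580 section 3.20 form of a MAC followed by an optional ":SSID". The regular expressions, function names and sample values are assumptions constructed for illustration and are not taken from the 4.7 patch.

```python
import re

# Six hex octets separated by "-", the MAC format used in RFC 3580.
OCTETS = r"[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}"
MAC = re.compile(OCTETS)
# MAC at the start, then optionally ":" and the SSID (any bytes, may contain ":").
RFC3580 = re.compile(rf"({OCTETS})(?::(.*))?", re.DOTALL)


def parse_called_station_id(value):
    """Split a value into (mac, ssid); ssid is None when no ':' suffix is present.

    Returns None when the value does not start with a well-formed MAC.
    """
    m = RFC3580.fullmatch(value)
    if m is None:
        return None
    return m.group(1).upper(), m.group(2)


def client_identifier(value):
    """Build the MAC:nn-nn-nn-nn-nn-nn client form, keeping the SSID out of the key."""
    parsed = parse_called_station_id(value)
    return None if parsed is None else "MAC:" + parsed[0]


def compare(value):
    """Report which of the three matching strategies accepts the value."""
    return {
        "bare_only": MAC.fullmatch(value) is not None,  # anchored at both ends
        "inline": MAC.search(value) is not None,        # anchors removed
        "rfc3580": parse_called_station_id(value) is not None,
    }


# Constructed sample values, not captured from a real NAS.
SAMPLES = [
    "00-10-A4-23-19-C0",        # bare MAC
    "00-10-A4-23-19-C0:AP1",    # MAC with SSID appended
    "AP1:00-10-A4-23-19-C0",    # MAC-like text that is not at the start
    "100-10-A4-23-19-C0",       # extra leading digit: in-line match picks a shifted MAC
]

if __name__ == "__main__":
    for v in SAMPLES:
        print(f"{v!r:28} {compare(v)} -> {client_identifier(v)}")
```

The last two samples show why an unanchored match accepts more than the RFC 3580 form does: it finds MAC-shaped text anywhere in the attribute, while the left-anchored form only accepts a MAC in the position the RFC defines.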

