It seems that it was not being detected as the NAS is appending its SSID to the C-S-I.
Rather than using a hook, I have taken the line terminators out of the regex and it seems to give the intended behaviour (I don't really want to strip the AP name as it is useful metadata, though writing it to another attribute is an option (Real-Called-Station-ID?)). I wonder if pulling the MAC out of C-S-I is something radiator should do by default regardless of its formatting as far as possible (adjusting the regex to pick up MAC's "in-line", and allowing for - : and maybe . as separators), as it seems that most AP's do append the SSID. There are a number of limitations to using MAC client identification anyway (spoofing etc.) so I don't think changing this behaviour would cause any repercussions, as anyone who is using is _should_ understand its weaknesses. Adam Bishop JANET(UK) On 28/03/2011 12:50, "Heikki Vatiainen" <h...@open.com.au> wrote: >On 03/28/2011 02:39 PM, Christian Kratzer wrote: > >>>> Which attribute does radiator use for comparison when using >>>> MAC-filtering on a client block? Trying to pin down why one of our >>>> clients isn't being picked up by the client block we have set: >>> >>> The attribute is Calling-Station-Id. Its format is like what you have >>> below with hyphens being optional. >> >> I just had a look at the code myself. It seems like it uses >> Called-Station-Id: > >Good catch, thanks. That is true, and that is also what I was thinking. >For some reason I still managed to type Calling :) > >> This is most propably the access points mac address on the air which is >> not necessarily the same as the mac adresse seen on the ethernet. > >That's quite common too. > >With WLANs the SSID might also be added to the end of the MAC address. > >And in case of WLAN controllers the C-S-I may belong to the WLAN >controller. Some controllers also have a setting with which you can >choose to put controller or AP MAC address into Called-Station-Id. > >-- >Heikki Vatiainen <h...@open.com.au> > >Radiator: the most portable, flexible and configurable RADIUS server >anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, >DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, >NetWare etc. Book your place at Networkshop 2011 http://www.ja.net/networkshop JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
