From a5eaeef925b37ffa60ee82307e62d8ed9e3321c9 Mon Sep 17 00:00:00 2001
From: James Tocknell
Date: Mon, 30 Jun 2025 22:13:48 +1000
Subject: [PATCH] Add instance of files mod to do mac-auth

This is based on https://wiki.freeradius.org/guide/Mac-Auth updated to the latest syntax. This does not include changes to the default site to enable it nor is a mac-auth-only site added (this could be added in the future).
---
 raddb/mods-available/files | 9 +++++++++
 raddb/mods-config/authorized_macs/accounting | 5 +++++
 raddb/mods-config/authorized_macs/authorize | 14 ++++++++++++++
 3 files changed, 28 insertions(+)
 create mode 100644 raddb/mods-config/authorized_macs/accounting
 create mode 100644 raddb/mods-config/authorized_macs/authorize

diff --git a/raddb/mods-available/files b/raddb/mods-available/files
index cb9658c42d20..10d4033bd39f 100644
--- a/raddb/mods-available/files
+++ b/raddb/mods-available/files
@@ -70,3 +70,12 @@ files files_accounting {
 # key = "%{Stripped-User-Name || User-Name}"
 filename = ${modconfdir}/files/accounting
 }
+
+#
+# ## An instance of the `files` module for authorizing access for WiFi clients
+# ## via their MAC address
+# ## Based on https://wiki.freeradius.org/guide/Mac-Auth
+#
+files authorized_macs {
+ key = "%{Calling-Station-ID}"
+}
diff --git a/raddb/mods-config/authorized_macs/accounting b/raddb/mods-config/authorized_macs/accounting
new file mode 100644
index 000000000000..185c79d14133
--- /dev/null
+++ b/raddb/mods-config/authorized_macs/accounting
@@ -0,0 +1,5 @@
+# This is like the 'users' file, but it is processed only for
+# accounting packets.
+#
+# See the `accounting` file in the files mod for examples
+
diff --git a/raddb/mods-config/authorized_macs/authorize b/raddb/mods-config/authorized_macs/authorize
new file mode 100644
index 000000000000..77f25ab15701
--- /dev/null
+++ b/raddb/mods-config/authorized_macs/authorize
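Review bot: The new `files authorized_macs` block in `raddb/mods-available/files` sets only `key` and no `filename`, whereas the `files_accounting` instance in the context lines sets `filename = ${modconfdir}/files/accounting`, so nothing visible in this hunk points the instance at the new `mods-config/authorized_macs/` files. Unless the module derives the path from the instance name (not visible here), add `filename = ${modconfdir}/authorized_macs/authorize` inside the block. The key is spelled `Calling-Station-ID` while the example in `authorized_macs/authorize` uses `Calling-Station-Id`; pick one spelling. Since the lookup appears to be a plain string match on the expanded key, a comment such as `# Normalise Calling-Station-Id to the format used in the authorize file before calling this instance` would save operators from silent misses when a NAS reports MACs in another format.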
@@ -0,0 +1,14 @@
+#
+# Configuration file for the rlm_files module.
+# Please see rlm_files documentation for more information.
+#
+# This file contains authentication security and configuration
+# information for each user. Accounting requests are NOT processed
+# through this file. Instead, see the 'accounting' file in this directory.
+#
+# This file follows the same format as other instances of the files mod, see
+# the `files/authorize` for more details and examples
+#
+# An example entry is below
+#00-00-5E-00-53-FF
+# Reply-Message = "Device with MAC Address %{Calling-Station-Id} authorized for network access"
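Review bot: The header of `authorized_macs/authorize` still says the file holds information "for each user", but entries in this instance are keyed by MAC address (`key = "%{Calling-Station-ID}"` in the `mods-available/files` hunk), so the header should say that. I would replace those lines with `# Each entry is keyed by the client MAC address exactly as it appears in Calling-Station-Id` and `# (the format must match what the NAS sends, or its normalised form).` The value is reported by the NAS rather than proved by the client, so a further comment should say that a match identifies a device and is not a credential, and that reply attributes here should grant only the access appropriate to that. The example entry shows only a `Reply-Message`, so it would also help to state that the site policy, not this file, decides accept or reject, as the commit message says the default site is not changed.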