Mac based auth
Alan DeKok
aland at deployingradius.com
Mon Nov 27 16:38:07 CET 2006
jonr at destar.net wrote:
>> The format is whatever format the NAS sends in the User-Name attribute.
>
> Thanks Alan, that helped more than you know.
It's little things like that that make a *big* difference in setting
up a system for the first time. And yes, I cover all of this in my
book, which will be done real soon now...
> This is what I am trying to do, I have a user in my users file, before they are
> allowed to authenticate I want to also check that the MAC address sent in the
> Calling-Station-Id matches what is in the users file. So I would check not only
> for the username/passowrd but also that the MAC was the same for that user.
i.e. each user has a pre-defined MAC they're allowed to use?
> Is checkval what I am looking for or is there a certain syntax for the users
> file that I am missing? I have read the /doc/processing_users_file, man 5 users
> and been going through the config files in the /etc/raddb. directory, with no
> success.
You can do:
bob Calling-Station-Id != "0001....", Auth-Type := Reject
But that's awkward to scale to many users.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list