MAC Auth (new problem)

Tue Dec 16 01:56:22 CET 2008

I completely agree with you! I am still curious to why adding a user is not
an option though. Hopefully we will be "enlightened" as to why it is not an
option.

2008/12/15 <tnt at kalik.net>

> To be fair, there probably is a way to create an unlang hack (are we
> going to advocate unlang auth now) that can tie up mac address from the
> user entry with the one in the mac auth request (regexp check if
> username is mac address; if it is see if there is such mac address in
> the database and force Auth-Type Accept; there was some mention of the
> password, but that can be sorted as well) without breaking everything
> else on the server.
>
> But why? If you can create user entry and add mac address as an attribute
> value it requires minimal effort on user admin side to create an entry
> with mac address as username value at the same time. A simple additional
> insert. Even if it is a closed code solution that you can't change, you
> can always make two entries - one for the user as username and one with
> mac address as username.
>
> Be honest, if your user admin application can't do what you want, should
> you:
>
> - hack your radius server?
>
> - hack your user admin application?
>
> It is credit to the quality and flexibility of Freeradius that messing
> with the radius server comes up as an option at all.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> Dana 15/12/2008, "Leigh Martell" <leigh.martell at gmail.com> piše:
>
> >Well thats not entirely true; you can create an association table(if thats
> >the right term) which has id,username, mac and then edit your query with
> >some joins and additional magic...I would not suggest this but it is
> >possible just very messy. I would highly recommend doing this the
> >traditional way...at least if you value your sanity ;-).
> >
> >--
> >Leigh
> >
> >On Mon, Dec 15, 2008 at 4:22 PM, <tnt at kalik.net> wrote:
> >
> >> >In my case I can't look for MAC in Username field and I have to look
> for
> >> >that mac in Value field. Hope that have a way to make this happens.
> >> >
> >>
> >> You don't seem to get the problem. You have set up your AP to do mac
> >> authentication. When you do that, mac address is sent in the username
> >> filed. If you don't want that, don't set your AP to do mac auth. Set
> >> it to do user authentication. When you are doung user auth, mac address
> >> should appear as Calling-Station-Id (should).
> >>
> >> There is *nothing* you can do in freeradius that will make your AP do
> >> this. You have to configure the AP to do that.
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081215/2d95e4a9/attachment.html>