MAC Auth (new problem)

tnt at kalik.net tnt at kalik.net
Tue Dec 16 10:51:41 CET 2008 

Look, you can make a solution that will work for this specific case. And
then you get a new AP that sends the mac address with different
delimiters. Or even worse - no delimiters at all. What then?

Don't go the route that will fail you in the future. Create a solution
that will work. Every time and with every equipment. That means creating
additionl user entry where username will be mac address; mac address in
the database shouldn't have delimiters (both as usernames and ones
stored as calling station ids in user profile); you should rewrite mac
adress format(s) matching usernames and calling station ids and strip
out delimiters from them in hints file. That's what you should do.

Ivan Kalik
Kalik Informatika ISP

Dana 16/12/2008, "Nataniel Klug" <nata at cnett.com.br> piše:

>Leigh and Ivan,
>
>I have a system that works on my WISP and this program is not hackable
>(economic reasons -- this would cost too much to alter). As I already
>have all my clients MAC address into radcheck table (as a value for
>Calling-Station-Id) why can't I use this MAC to authenticate it in my
>NAS/AP? This is my question. Why can't I look for the MAC in another
>colum besides "Username" colum? There should be some way cheaper to me...
>
>Leigh Martell escreveu:
>> I completely agree with you! I am still curious to why adding a user
>> is not an option though. Hopefully we will be "enlightened" as to why
>> it is not an option.
>>
>> 2008/12/15 <tnt at kalik.net <mailto:tnt at kalik.net>>
>>
>>     - hack your radius server?
>>
>>     - hack your user admin application?
>>
>>     It is credit to the quality and flexibility of Freeradius that messing
>>     with the radius server comes up as an option at all.
>>
>>     Ivan Kalik
>>     Kalik Informatika ISP
>>
>>
>
>--
>Att,
>
>NATANIEL KLUG
>nata at cnett.com.br
>
>LEIA O DIA-A-DIA DO NATA
>http://nataklug.blogspot.com/
>
>Cyber Nett - Internet Banda Larga
>www.cnett.com.br
>(42) 3635-2957
>Rua Diogo Pinto, 1046, Centro
>Laranjeiras do Sul - PR
>Brasil - 85301-290
>
>"... também os sábios possuem coraça~o tangível e podem, por vezes, usar da cie^ncia como meio de demonstrar impresso~es sentimentais de que muitos na~o os julgam suscetíveis."
>Visconde de Taunay
>
>
>

More information about the Freeradius-Users mailing list