MAC Auth (new problem)

Nataniel Klug nata at cnett.com.br
Tue Dec 16 12:08:43 CET 2008 

I would like to have this easy configuration but this is not possible at 
the moment. Lazy = spend a lot of money... yes I am lazy... ;)

tnt at kalik.net escreveu:
> I can't possibly imagine that there can be any reason for not adding mac
> address as another user apart from being lazy.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 16/12/2008, "Leigh Martell" <leigh.martell at gmail.com> piše:
>
>   
>> I completely agree with you! I am still curious to why adding a user is not
>> an option though. Hopefully we will be "enlightened" as to why it is not an
>> option.
>>
>> 2008/12/15 <tnt at kalik.net>
>>
>>     
>>> To be fair, there probably is a way to create an unlang hack (are we
>>> going to advocate unlang auth now) that can tie up mac address from the
>>> user entry with the one in the mac auth request (regexp check if
>>> username is mac address; if it is see if there is such mac address in
>>> the database and force Auth-Type Accept; there was some mention of the
>>> password, but that can be sorted as well) without breaking everything
>>> else on the server.
>>>
>>> But why? If you can create user entry and add mac address as an attribute
>>> value it requires minimal effort on user admin side to create an entry
>>> with mac address as username value at the same time. A simple additional
>>> insert. Even if it is a closed code solution that you can't change, you
>>> can always make two entries - one for the user as username and one with
>>> mac address as username.
>>>
>>> Be honest, if your user admin application can't do what you want, should
>>> you:
>>>
>>> - hack your radius server?
>>>
>>> - hack your user admin application?
>>>
>>> It is credit to the quality and flexibility of Freeradius that messing
>>> with the radius server comes up as an option at all.
>>>
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>> Dana 15/12/2008, "Leigh Martell" <leigh.martell at gmail.com> piše:
>>>
>>>       
>>>> Well thats not entirely true; you can create an association table(if thats
>>>> the right term) which has id,username, mac and then edit your query with
>>>> some joins and additional magic...I would not suggest this but it is
>>>> possible just very messy. I would highly recommend doing this the
>>>> traditional way...at least if you value your sanity ;-).
>>>>
>>>> --
>>>> Leigh
>>>>
>>>> On Mon, Dec 15, 2008 at 4:22 PM, <tnt at kalik.net> wrote:
>>>>
>>>>         
>>>>>> In my case I can't look for MAC in Username field and I have to look
>>>>>>             
>>> for
>>>       
>>>>>> that mac in Value field. Hope that have a way to make this happens.
>>>>>>
>>>>>>             
>>>>> You don't seem to get the problem. You have set up your AP to do mac
>>>>> authentication. When you do that, mac address is sent in the username
>>>>> filed. If you don't want that, don't set your AP to do mac auth. Set
>>>>> it to do user authentication. When you are doung user auth, mac address
>>>>> should appear as Calling-Station-Id (should).
>>>>>
>>>>> There is *nothing* you can do in freeradius that will make your AP do
>>>>> this. You have to configure the AP to do that.
>>>>>
>>>>> Ivan Kalik
>>>>> Kalik Informatika ISP
>>>>>
>>>>> -
>>>>> List info/subscribe/unsubscribe? See
>>>>> http://www.freeradius.org/list/users.html
>>>>>
>>>>>           
>>>>         
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>>       
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>   

-- 
Att,

NATANIEL KLUG
nata at cnett.com.br

LEIA O DIA-A-DIA DO NATA
http://nataklug.blogspot.com/

Cyber Nett - Internet Banda Larga
www.cnett.com.br
(42) 3635-2957
Rua Diogo Pinto, 1046, Centro
Laranjeiras do Sul - PR
Brasil - 85301-290

"... também os sábios possuem coraça~o tangível e podem, por vezes, usar da cie^ncia como meio de demonstrar impresso~es sentimentais de que muitos na~o os julgam suscetíveis."
Visconde de Taunay

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081216/6dc78591/attachment.html>

More information about the Freeradius-Users mailing list