AW: MAC authentification

Alan DeKok aland at deployingradius.com
Wed Oct 22 10:55:30 CEST 2008


Frederik.Niedernolte at Bertelsmann.de wrote:
> So a simple entry like
> 
> User42 MAC := "02:01:02:03:04:05"
> 
> in the users file would be enough!?

  No.  I mentioned the "User-Name" attribute, not the "MAC" attribute.

  Do you see the "MAC" attribute in the RADIUS packet?  Does reading the
"man" page for the "users" file lead you to believe that an entry like
above will do *anything*?

  What I said was this:  "MAC authentication" is nearly always just
normal username/password authentication.  If you can configure
username/password authentication, you can configure MAC authentication.
 Just give the "users" names that match the MAC addresses in the
Access-Request, and be sure that the "passwords" match the User-Password
field in the Access-Request.

  It would help to *look* at an Access-Request for MAC authentication,
and forget that it's something magic called "MAC authentication".
Instead, figure out how you would get this user authenticated in normal
user authentication.

  Alan DeKok.



More information about the Freeradius-Users mailing list