MAC address restriction with EAP-TLS

John T. Guthrie III guthrie at counterexample.org
Fri Jan 23 20:13:26 CET 2009


Hello all,

We are currently using EAP-TLS authentication with FreeRADIUS at the place
where I work right now.  Management would like to be able to restrict the use
of a given certificate for this authentication to specific MAC addresses.  In
other words, for each certificate, the desire is to tie that certificate to
one or a couple MAC addresses, and to say that that certificate may only be
used if it is coming from those specific MAC addresses.  If the certificate is
used from a different MAC address, then authentication should fail.

I have tried to look for info on this on the web to no avail.  I also
understand that EAP-TLS authentication generally needs to be left out of the
users file.  But the only way that I can think of to restrict MAC addresses
would be to place some kind of line involving a Calling-Station-ID in the users
file.  So I am at a loss.

Does anyone have any suggestions?  We are currently using 1.1.3.

Thank you very much.

John Guthrie
guthrie at counterexample.org



More information about the Freeradius-Users mailing list