Storing user MAC address after first auth
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Thu May 7 13:30:48 CEST 2009
On 7/5/09 10:18, Tomas Mecir wrote:
> Greetings !
>
> I have the following situation here that I'd like to ask for some
> assistance with, if possible:
>
> My client has a RADIUS server installed (running freeRADIUS 2.0.5),
> and routers working as hotspots that users can connect to. Users can
> authorize against the RADIUS server using a name/password combination,
> which is stored in a MySQL database (using the rlm_sql module and the
> Cleartext-Password attribute in the radcheck table). This part works
> correctly.
>
> Now, my client wants an extra check to be added which would allow each
> user to login only from a specific MAC address, which can be different
> for each user, and which is obtained when the user logs in for the
> first time. Checking the MAC address is easy, as the hotspot is
> sending the MAC address in the Calling-Station-Id attribute that I
> could easily store in the radcheck table as well - but the problem is
> that this MAC address is not known when the name/password pair is
> being added to the radcheck table, and I am to make it so that when
> the user is successfully authorized for the first time, there is no
> MAC check, but the user's current MAC address is remembered on the
> server, and further logins are only permitted from that MAC address.
>
> So, I am thinking that the best solution would be to have the RADIUS
> server add a new "(username), 'Calling-Station-Id', '=', (user's MAC)"
> entry to the radcheck table, right after a successful SQL auth step,
> if such an entry isn't yet in the table.
>
> And my question is - is there a way to accomplish this with existing
> FreeRADIUS modules, or do I need to implement my own module to do this
> ?
Nope that's trivial, but you'll need to upgrade to the latest version of
FR. As your using MySQL you can use a bit of MySQL specific syntax.
>
> Thank you !
>
> / Tomas
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
More information about the Freeradius-Users
mailing list