Mac-Auth

Paulo Maia phc.maia at gmail.com
Fri Jul 8 02:25:15 CEST 2011


Thanks a lot for all your thoughts guys , I`ll take a look at it Jake thanks
.

On Thu, Jul 7, 2011 at 6:33 PM, Sallee, Stephen (Jake) <Jake.Sallee at umhb.edu
> wrote:

>  If I may butt in here…****
>
> ** **
>
> IF you are interested in a FOSS captive portal there is a rather good FOSS
> NAC called packetfence that can do exactly what Mr. Gatten is saying.  It
> uses FreeRADIUS for its 802.1x authentication and has all kinds of neat
> features.  If your interested drop me a line I can give you more info or go
> to their website www.packetfence.org.****
>
> ** **
>
> Jake Sallee****
>
> Godfather of Bandwidth****
>
> System Engineer****
>
> University of Mary Hardin-Baylor****
>
> 900 College St.****
>
> Belton, Texas****
>
> 76513****
>
> Fone: 254-295-4658****
>
> Phax: 254-295-4221****
>
> ** **
>
> *From:* freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org[mailto:
> freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] *On
> Behalf Of *Gary Gatten
> *Sent:* Thursday, July 07, 2011 5:09 PM
>
> *To:* 'FreeRadius users mailing list'
> *Subject:* RE: Mac-Auth****
>
>  ** **
>
> MAC-Auth has its place, but I agree with some others this isn’t the best
> fit.  MAC spoofing = easy.  User gets new NIC or computer = often.****
>
> ** **
>
> “You” don’t need to do anything on the client.  How about you set a default
> VLAN with restrictions, a captive portal of sorts.  They don’t *need *to
> “login”, but every DNS request lands them on a page that says: You’re not
> authenticated; you need to follow the directions in this link.  Have a
> how-to with pretty pictures and stuff, I’m sure there are many already on
> the web. ACL on the default “GUEST” VLAN restricts their IP access as you
> see fit.****
>
> ** **
>
> Bottom line, users can enable / configure 802.1x supplicant themselves with
> a little guidance.  In the long run you’ll be WAY better off with 802.1x.
> IMHO.****
>
> ** **
>
> G****
>
> ** **
>  ------------------------------
>
> *From:* freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org[mailto:
> freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] *On
> Behalf Of *Paulo Maia
> *Sent:* Thursday, July 07, 2011 4:10 PM
> *To:* FreeRadius users mailing list
> *Subject:* Re: Mac-Auth****
>
> ** **
>
> I dont want to enable 802.1x auth in the clients coz i have over 3000
> computers and i dont have AD to set a gpo to set in all clients  ....  But i
> do have all mac-addresses . I dont know if im going the wrong way here .
>
> Thanks ,****
>
> On Thu, Jul 7, 2011 at 5:59 PM, Paulo Maia <phc.maia at gmail.com> wrote:****
>
> Ok guys thanks .
> One other question tough  .... i have configured radius settings in the
> switch (c2960g) with aaa-newmodel dot1x port-control auto and the requests
> are getting to the radius server OK . But it keeps asking for user/pass auth
> and . Is there a way to authenticate the mac-address without enable 802.1x
> in the client computer ?  ****
>
> ** **
>
> On Thu, Jul 7, 2011 at 4:19 PM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
> wrote:****
>
> Hi,****
>
> >    Hi Guys ,
> >    Here is the thing , im trying to use Mac-Auth , I managed to get
> working
> >    using authorized-macs files , although i need to use a mysql table�witch
> >    i already have with the ssid and mac-address fields and i need to add
> an
> >    operator to expired macs , coz i work at a college campus and students
> >    mac-addresses need to expire acording to their course period . Any
> ideas ?
> >    Thanks in advance .****
>
> put MAC address in the radcheck table and set an Expiration. should work a
> treat
>
> 00-11-22-33-44-55 Expiration := "10 Jul 2011"
>
>
> alan****
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html****
>
> ** **
>
> ** **
>
> "This email is intended to be reviewed by only the intended recipient and
> may contain information that is privileged and/or confidential. If you are
> not the intended recipient, you are hereby notified that any review, use,
> dissemination, disclosure or copying of this email and its attachments, if
> any, is strictly prohibited. If you have received this email in error,
> please immediately notify the sender by return email and delete this email
> from your system." ****
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110707/c7b85307/attachment.html>


More information about the Freeradius-Users mailing list