EAP & MAC Auth

[Russell Mike]

Thanks Phil

Thanks, that is what i was asking. You have answered it right.
Grateful!!!!  But i will explain the case

We are small wireless ISP (500 customers) We have several base stations
across city. Where Motorola AP's are covering 360 Degrees.  Customer are
connecting using Motorola SM, We point SM to the direction of AP. Motorola
supports EAP authentication, which have been configured, alright. But This
has been noticed that someone (anyone) can point the SM to the direction of
AP and get access to our network. Which we are secureing using EAP
authentication. But we want to use MAC authorize, if MAC is not in database
= reject.

or i should say how can i authorize a SM using calling-station-id (MAC of
SM)

Thanks for your advice earlier.

RM --



On Tue, Jun 17, 2014 at 3:21 PM, Phil Mayers <p.mayers at imperial.ac.uk>
wrote:

> On 17/06/14 16:07, Russell Mike wrote:
>
>> Hi List Members
>>
>>
>> How can we do EAP authentication & MAC address look up in addition
>> (stored in MySQL DBMS) before accepting?
>>
>
> This question is very vague. Please be more specific.
>
> The literal answer is "put an SQL lookup into your config" but this
> doesn't help you.
>
> Here's an example of something you might do:
>
> authorize {
>   ...
>   if (EAP-Message && Calling-Station-Id) {
>     # some SQL query to find out which username
>     # is allowed for this MAC address
>     update control {
>       Tmp-String-0 := "%{sql: ... where mac='%{Calling-Station-Id}'}"
>     }
>     if (control:Tmp-String-0 != "%{User-Name}") {
>       # this username isn't allowed from this mac
>       reject
>     }
>   }
>   ...
>   eap
> }
>
> If you want a more specific example, please ask a more specific question.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140617/0bc98961/attachment.html>