MAC authentication using FreeRadius

Tue Dec 29 11:27:40 CET 2015

man unlang
freeradius.org/radiusd/man/unlang.html

basically you need something like
if ("%{sql:SELECT count(*) FROM your_table WHERE mac_Address = '%{Calling-Station-Id}'}" > 0) {
 update control {
 Auth-Type := Accept
 
 }
 }


On 12/29/15 01:18 PM, "Max .M"  <mmourand at gmail.com> wrote: 
> 
> Could you give me more details or a link explaining how to achieve this
> please ?
> I'm new to freeradius and all this, this would be really helpful.
> 
> Also, security is not an issue for them, also it's just basic guest access
> on a separate network.
> 
> Thanks
> 
> 2015-12-29 2:33 GMT-05:00 Anirudh Malhotra <amalhotra.sp-dl at nkn.in>:
> 
> > Hi,
> >
> > So when you are registering the user you must be keeping the MAC of the
> > user, if not, keep it in whatever registering table you are keeping rest of
> > the details.
> > Then use unlang in authorize section to check calling station id if it
> > matches change auth-type to accept.
> >
> > I wouldn't suggest this though, as MACs can be spoofed easily. The better
> > method would be to use encrypted cookies(just like remember my password
> > ones) so that the captive portal gets those cookies and lets user log in.
> >
> > BR,
> > Anirudh Malhotra
> >
> > On 12/29/15 12:54 PM, "Max .M" <mmourand at gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > thanks for taking the time to read.
> > >
> > > When this person that registered will leave the shop and come back 3 days
> > > later, I want it to bypass the captive portal. This is why I will
> > activate
> > > MAC authentication on the access point.
> > > I just need a way to tell the access point : if mac adress of MAC auth is
> > > in SQL database, then authenticate (bypass captive portal)
> > >
> > > Thank you,
> > >
> > > 2015-12-29 2:10 GMT-05:00 Anirudh Malhotra <amalhotra.sp-dl at nkn.in>:
> > >
> > > > Hi,
> > > >
> > > > Your question is not very clear.
> > > > Presuming that you want to store the MAC's of whoever is connecting
> > > > > this is already being done in radacct table
> > > > if people are registering they must be connected right? and when they
> > are
> > > > connected why do you need their MAC address after they are connected
> > what
> > > > help would that do?
> > > >
> > > > BR,
> > > > Anirudh Malhotra
> > > >
> > > > On 12/29/15 09:11 AM, "Max .M" <mmourand at gmail.com> wrote:
> > > > >
> > > > > Hi everyone,
> > > > >
> > > > > i'm looking in a way to set-up MAC authentication using FreeRadius
> > and
> > > > > MySQL and any help would be much appreciated :)
> > > > >
> > > > > I have a scenario where multiple shops will have guest
> > authenticating and
> > > > > when someone register to their public wi-fi, we want their MAC to be
> > > > stored
> > > > > in the SQL database and do a check against it using MAC
> > authentication on
> > > > > the Aruba IAPs.
> > > > >
> > > > > I guess I need to find a way to capture the Calling-Station-Id and
> > store
> > > > it
> > > > > into a table into the database and then I need to do a check against
> > it
> > > > for
> > > > > every MAC it receives as a "username and password'
> > > > >
> > > > > Right now I can authenticate to my captive portal using FreeRadius +
> > > > MySQL,
> > > > > I can also enable MAC auth on my IAP and add a user with my phone's
> > MAC
> > > > > address as a username and password and it's working.
> > > > >
> > > > > I'm really looking into a way to automate this :)
> > > > >
> > > > > Thanks a lot
> > > > > -
> > > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>