Authentication either username or mac address

Mohammad Mahefooz mahefooz4u at gmail.com
Tue Dec 4 14:44:31 CET 2018 

 In radcheck table, if we use email address as value in User-Name
attribute, user can login with his email address as username. In case if we
use MAC as value in User-Name attiribute, user can login using MAC
authentication. As of now, we can use 'only' either value. Requirement is
to enable user to use both. He can login with either email or MAC. Just
found the below solution suggested in one of the forum. Would like to know
if it is feasible?

1 - open this path
/etc/freeradius/sql/mysql/dialup.conf
======================================
2 - search in : authorize_check_query
reblase all query to :

authorize_check_query = "SELECT id, username, attribute, value, op, mac \
FROM ${authcheck_table} \
WHERE username = '%{SQL-User-Name}' and (mac IS NULL or
mac='%{Calling-Station-Id}') \
ORDER BY id"
=====================================
3 - add new colum `mac` in database in `radcheck` table and set him to
`null`
=====================================
4 - add your current user with the password with the two or three mac's
as you want.

- Mohammad

On Tue, 4 Dec 2018 at 18:58, Alan DeKok <aland at deployingradius.com> wrote:

> On Dec 4, 2018, at 6:36 AM, Mohammad Mahefooz <mahefooz4u at gmail.com>
> wrote:
> >
> > I have searched about this, but couldn't find proper answer. If it has
> > been already answered kindly share the link. Would like to authenticate
> > users either with username or specified mac address.
>
>   If the MAC is in the User-Name attribute, then you're using
> authenticating by User-Name.  FreeRADIUS doesn't care what's *in* the
> User-Name.
>
> > Generally we can
> > authenticate users either when using only username or only mac address
> > (using mac authentication). But let's say we want to give users the
> option
> > of either using username or mac address to login,
>
>   How do you give them that option?
>
> > but count data and
> > session time on username basis, how to achieve this in freeradius?
>
>   Is the User-Name in the access-Request packet?
>
>   You want to do "something".  But you don't know what's in the packets,
> and you don't really know what you want to do.
>
>   So the question is impossible to answer until there's some more detailed
> information.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list