<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Matura MT Script Capitals";
panose-1:3 2 8 2 6 6 2 7 2 2;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal;
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="blue">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">If I may butt in here…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">IF you are interested in a FOSS captive portal there is a rather good FOSS NAC called packetfence that can do exactly what Mr. Gatten is saying. It uses FreeRADIUS
for its 802.1x authentication and has all kinds of neat features. If your interested drop me a line I can give you more info or go to their website www.packetfence.org.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:28.0pt;font-family:"Matura MT Script Capitals";color:#1F497D">Jake Sallee<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New";color:#1F497D">Godfather of Bandwidth<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New";color:#1F497D">System Engineer<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">University of Mary Hardin-Baylor<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">900 College St.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">Belton, Texas<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">76513<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">Fone: 254-295-4658<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">Phax: 254-295-4221<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org]
<b>On Behalf Of </b>Gary Gatten<br>
<b>Sent:</b> Thursday, July 07, 2011 5:09 PM<br>
<b>To:</b> 'FreeRadius users mailing list'<br>
<b>Subject:</b> RE: Mac-Auth<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:black">MAC-Auth has its place, but I agree with some others this isn’t the best fit. MAC spoofing = easy. User gets new NIC or computer = often.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">“You” don’t need to do anything on the client. How about you set a default VLAN with restrictions, a captive portal of sorts. They don’t
<b>need </b>to “login”, but every DNS request lands them on a page that says: You’re not authenticated; you need to follow the directions in this link. Have a how-to with pretty pictures and stuff, I’m sure there are many already on the web. ACL on the default
“GUEST” VLAN restricts their IP access as you see fit.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">Bottom line, users can enable / configure 802.1x supplicant themselves with a little guidance. In the long run you’ll be WAY better off with 802.1x. IMHO.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">G<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="100%" align="center">
</div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org]
<b>On Behalf Of </b>Paulo Maia<br>
<b>Sent:</b> Thursday, July 07, 2011 4:10 PM<br>
<b>To:</b> FreeRadius users mailing list<br>
<b>Subject:</b> Re: Mac-Auth</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">I dont want to enable 802.1x auth in the clients coz i have over 3000 computers and i dont have AD to set a gpo to set in all clients .... But i do have all mac-addresses . I dont know if im going the wrong
way here . <br>
<br>
Thanks ,<o:p></o:p></p>
<div>
<p class="MsoNormal">On Thu, Jul 7, 2011 at 5:59 PM, Paulo Maia <<a href="mailto:phc.maia@gmail.com">phc.maia@gmail.com</a>> wrote:<o:p></o:p></p>
<p class="MsoNormal">Ok guys thanks .<br>
One other question tough .... i have configured radius settings in the switch (c2960g) with aaa-newmodel dot1x port-control auto and the requests are getting to the radius server OK . But it keeps asking for user/pass auth and . Is there a way to authenticate
the mac-address without enable 802.1x in the client computer ? <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Thu, Jul 7, 2011 at 4:19 PM, Alan Buxey <<a href="mailto:A.L.M.Buxey@lboro.ac.uk" target="_blank">A.L.M.Buxey@lboro.ac.uk</a>> wrote:<o:p></o:p></p>
<p class="MsoNormal">Hi,<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">> Hi Guys ,<br>
> Here is the thing , im trying to use Mac-Auth , I managed to get working<br>
> using authorized-macs files , although i need to use a mysql table<span style="font-family:"Tahoma","sans-serif"">�</span> witch<br>
> i already have with the ssid and mac-address fields and i need to add an<br>
> operator to expired macs , coz i work at a college campus and students<br>
> mac-addresses need to expire acording to their course period . Any ideas ?<br>
> Thanks in advance .<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal">put MAC address in the radcheck table and set an Expiration. should work a treat<br>
<br>
00-11-22-33-44-55 Expiration := "10 Jul 2011"<br>
<span style="color:#888888"><br>
<br>
alan</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">
http://www.freeradius.org/list/users.html</a><o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:7.5pt">"This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."
</span><o:p></o:p></p>
</div>
</body>
</html>