<html><body><div style="color:#000; background-color:#fff; font-family:verdana, helvetica, sans-serif;font-size:14pt"><div><span>Hi good pple, have been reading on how to enforce the attribute of Mac-Addr and i have not seen it anywhere.</span></div><div style="color: rgb(0, 0, 0); font-size: 18.6667px; font-family: verdana,helvetica,sans-serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 18.6667px; font-family: verdana,helvetica,sans-serif; background-color: transparent; font-style: normal;"><span>Has anyone done it before, please help throw some light on how i can achieve this.</span></div><div style="color: rgb(0, 0, 0); font-size: 18.6667px; font-family: verdana,helvetica,sans-serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 18.6667px; font-family: verdana,helvetica,sans-serif; background-color:
transparent; font-style: normal;"><span>I want user eric@ut3 with this Mac Address to log in , and if the MAC address is different he will not be granted access.</span></div><div style="color: rgb(0, 0, 0); font-size: 18.6667px; font-family: verdana,helvetica,sans-serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 18.6667px; font-family: verdana,helvetica,sans-serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 18.6667px; font-family: verdana,helvetica,sans-serif; background-color: transparent; font-style: normal;"><span>eric@ut3 Cleartext-Password := "eric", Simultaneous-Use := 1<br> <span style="background-color: rgb(255, 255, 0);"><span style="font-weight: bold;">Mac-Addr =
02-1B-9E-D3-0B-F0,</span></span><br> Service-Type = Framed-User,<br> Qos-Policy-Policing = broadband_128_policing,<br> Qos-Policy-Metering = broadband_128_metering,<br> Framed-Protocol = PPP,<br> Ip_Address_Pool_Name = pool_128,<br> Framed-Address = 255.255.255.254,<br> Framed-Netmask = 255.255.255.255,<br> Fall-Through = 0<br></span></div><div> </div><div>Eric M<br></div> <div style="font-family: verdana, helvetica, sans-serif; font-size: 14pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1"> <b><span
style="font-weight:bold;">From:</span></b> Mulindwa <meric_l@yahoo.com><br> <b><span style="font-weight: bold;">To:</span></b> FreeRadius users mailing list <freeradius-users@lists.freeradius.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Friday, April 5, 2013 9:07 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: MAC Address Auth<br> </font> </div> <br>
<div id="yiv2036531912"><div><div style="color:#000;background-color:#fff;font-family:verdana, helvetica, sans-serif;font-size:14pt;">Thanks Mattias,<br><br>I get an error saying; <span style="background-color:rgb(255, 255, 0);">Unknown attribute "Attr-2352-145"</span><br><br>This is how i have it setup<br><br><br>user20001@ut3 Password = "006060", Simultaneous-Use = 1<br> <span style="background-color:rgb(255, 255, 0);">Attr-2352-145 = "5c-7d-5e-3f-d0-f7",</span><br> Service-Type = Framed-User,<br> Qos_Policy_Policing = broadband_128_policing,<br> Qos_Policy_Metering = broadband_128_metering,<br> Framed-Protocol = PPP,<br> Ip_Address_Pool_Name =
pool_128,<br> Framed-Address = 255.255.255.254,<br> Framed-Netmask = 255.255.255.255,<br> Fall-Through = 0<br><div><span><br></span></div><div> </div><div>Eric M<br></div> <div style="font-family:verdana, helvetica, sans-serif;font-size:14pt;"> <div style="font-family:times new roman, new york, times, serif;font-size:12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Matthias Nagel <matthias.h.nagel@gmail.com><br> <b><span style="font-weight:bold;">To:</span></b> freeradius-users@lists.freeradius.org <br> <b><span style="font-weight:bold;">Sent:</span></b> Thursday, April 4, 2013 5:41 PM<br> <b><span style="font-weight:bold;">Subject:</span></b> Re: MAC Address Auth<br> </font> </div> <br>
Hello,<br>add the correct check item to your user database. In the case below (User-Name = user2000@ut3) you should have the check item<br>Attr-2352-145 == "5c-7d-5e-3f-d0-f7"<br>for this speicifc user in your user database. Then you repeat this for every user/mac-address pair you want.<br>Best regards, Matthias<br><br>Am Donnerstag 04 April 2013, 07:25:55 schrieb Mulindwa:<br>> Great, i have run the debug and i did get the attribute required.<br>> If i want to full fill the two conditions i.e username/passwd and Mac Address = Attr-2352-145<br>> <br>> How would i need to twick my radiusd.conf file to achieve this?<br>> <br>> <br>> <br>> <br>> User-Name = "user2000@ut3"<br>> CHAP-Password = "cccddd'"<br>> CHAP-Challenge = "mmmm"<br>> Service-Type = Framed-User<br>> Framed-Protocol = PPP<br>> NAS-Identifier = "UT-BRAS-EDGE"<br>>
NAS-IP-Address = x.x.x.x<br>> NAS-Port = 855649483<br>> NAS_Real_Port = 855638816<br>> NAS-Port-Type = Virtual<br>> Attr-87 = "3/3 vlan-id 800 pppoe 11467"<br>> Medium_Type = 11<br>> Attr-2352-145 = "5c-7d-5e-3f-d0-f7" ==== MAC Address<br>> Attr-2352-98 = "3"<br>> Attr-2352-112 = "6.2.1.9"<br>> Acct-Session-Id = "0202FFFF68008FC9-515D8419"<br>> <br>> <br>> Eric M<br>> <br>> <br>> ________________________________<br>> From: Mulindwa <<a rel="nofollow" ymailto="mailto:meric_l@yahoo.com" target="_blank" href="mailto:meric_l@yahoo.com">meric_l@yahoo.com</a>><br>> To: Alan DeKok <<a rel="nofollow" ymailto="mailto:aland@deployingradius.com" target="_blank" href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>>; FreeRadius users mailing list
<<a rel="nofollow" ymailto="mailto:freeradius-users@lists.freeradius.org" target="_blank" href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>> <br>> Sent: Thursday, April 4, 2013 4:58 PM<br>> Subject: Re: MAC Address Auth<br>> <br>> <br>> Thanks Alan,<br>> <br>> Let me do so.<br>> <br>> <br>> Eric M<br>> <br>> <br>> ________________________________<br>> From: Alan DeKok <<a rel="nofollow" ymailto="mailto:aland@deployingradius.com" target="_blank" href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>><br>> To: Mulindwa <<a rel="nofollow" ymailto="mailto:meric_l@yahoo.com" target="_blank" href="mailto:meric_l@yahoo.com">meric_l@yahoo.com</a>>; FreeRadius users mailing list <<a rel="nofollow" ymailto="mailto:freeradius-users@lists.freeradius.org" target="_blank"
href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>> <br>> Sent: Thursday, April 4, 2013 4:47 PM<br>> Subject: Re: MAC Address Auth<br>> <br>> Mulindwa wrote:<br>> > Hi
All,<br>> > <br>> > Have been trying to authenticate my ADSL users using Mac Address Auth,<br>> > however i have failed even after going through the documentation.<br>> > <br>> > I want to authenticate with the highlighted, anyone done this and can help?<br>> <br>> It's been done.<br>> <br>> > This is how the accounting file looks;<br>> <br>> If you're trying to debug authentication, it helps to look at<br>> *authentication* traffic, and not *accounting* data.<br>> <br>> And run the server in debugging mode as suggested in the FAQ, "man"<br>> page, web pages, and daily on this list.<br>> <br>> Honestly, there is NO excuse for refusing to do this.<br>> <br>> Alan DeKok.<br>> <br>> <br>> <br>> -<br>> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html<br>----------------------------------------------------------------------<br>Matthias Nagel<br>Willy-Andreas-Allee 1, Zimmer 506<br>76131 Karlsruhe<br><br>Telefon: +49-721-8695-1506<br>Mobil: +49-151-15998774<br>e-Mail: <a rel="nofollow" ymailto="mailto:matthias.h.nagel@gmail.com" target="_blank" href="mailto:matthias.h.nagel@gmail.com">matthias.h.nagel@gmail.com</a><br>ICQ: 499797758<br>Skype: nagmat84<br><br>-<br>List info/subscribe/unsubscribe? See <a rel="nofollow" target="_blank" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br><br><br> </div> </div> </div></div></div><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br><br> </div> </div> </div></body></html>