Aaron Jansen wrote:
For a user FreeRADIUS should check the user name, password, and the MAC address. The MAC address can be one of many in a list stored in a database. So, this is not about a single user logging in on only one device.
Edit the SQL queries. They're text in a config file for a reason.
I have taken a look at the rad(group)check table, but it seems that ALL attributes should check out alright for the user to be authenticated. So, I cannot just simply add a list of all possible user/MAC combinations.
You can also write SELECT statements in the config files. authorize { ... sql # see radcheck && radreply # look up the Calling-Station-Id in the MAC table if ("%{sql: SELECT mac from mac_table WHERE ... }") { # mac was found } else { reject # mac wasn't found } ... } Alan DeKok.