Thorsten Leiser wrote:
we're just implementing port security with freeradius 1.1.6. For our XP-Boxes we'll use the built in 802.1x-supplicant. But there are some dumb thinclients without any supplicants available. Fortunately, we're able to modify the User Class option (option 77) within the dhcp-request of these thinclients. So, we're trying to authenticate the clients by using the modified dhcp-request.
That requires modified clients, and DHCP servers. A better approach is to look for something like MAC authentication Bypass in Cisco switches. If the client doesn't do 802.1x within a certain time, the switch sends a RADIUS request containing the MAC address.
Do you have an idea how we can use this modified dhcp-request to authenticate angainst our radius server? Or any other idea?
Modifying DHCP isn't a good idea. Alan DeKok.