On Sep 27, 2015, at 1:15 AM, HernĂ¡n Freschi <hjf@hjf.com.ar> wrote:
I would like to authenticate WiFi users with EAP and assign an IP address based on their username. I realize this is a two step process: first, the user must be authenticated with EAP. Once this is done, the user will request an IP address via DHCP. But there is no connection between the EAP username, and the client's MAC address which EAP uses.
With EAP, the MAC address is the Calling-Station-ID for the Anonymous identity. The tunneled identity has no ID.
Sure. Just write the inner ID and the outer Calling-Station-Id to SQL. You may need to create a custom table for this. You should probably also write the login time, too.
Is it possible to use the post-auth section to log both username and MAC, so the DHCP module can look up the username from MAC address, and assign the address from the right pool?
Yes.
By default the post-auth module writes two records to the radpostauth table: one, from the anonymous identity with the Calling-Station-ID set to the MAC address, and another, for the tunneled identity, with an empty calling ID.
You can fix that by editing the configuration files. That's why they're text. Alan DeKok.