Thanks Phil

Thanks, that is what i was asking. You have answered it right. Grateful!!!!  But i will explain the case

We are small wireless ISP (500 customers) We have several base stations across city. Where Motorola AP's are covering 360 Degrees.  Customer are connecting using Motorola SM, We point SM to the direction of AP. Motorola supports EAP authentication, which have been configured, alright. But This has been noticed that someone (anyone) can point the SM to the direction of AP and get access to our network. Which we are secureing using EAP authentication. But we want to use MAC authorize, if MAC is not in database = reject. 

or i should say how can i authorize a SM using calling-station-id (MAC of SM)

Thanks for your advice earlier.

RM --



On Tue, Jun 17, 2014 at 3:21 PM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 17/06/14 16:07, Russell Mike wrote:
Hi List Members


How can we do EAP authentication & MAC address look up in addition
(stored in MySQL DBMS) before accepting?

This question is very vague. Please be more specific.

The literal answer is "put an SQL lookup into your config" but this doesn't help you.

Here's an example of something you might do:

authorize {
  ...
  if (EAP-Message && Calling-Station-Id) {
    # some SQL query to find out which username
    # is allowed for this MAC address
    update control {
      Tmp-String-0 := "%{sql: ... where mac='%{Calling-Station-Id}'}"
    }
    if (control:Tmp-String-0 != "%{User-Name}") {
      # this username isn't allowed from this mac
      reject
    }
  }
  ...
  eap
}

If you want a more specific example, please ask a more specific question.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html