Ok, Sorry for unsufficent informations. :) For both authentifications methods there will be 2 separate NAS (one for username/pass auth and one for MAC auth) As NAS I will use Mikrotik routers. The thing is - router will lease DHCP Address to a clients machine. - router sends Calling-Station-id Attribute in Access-Request, so I know the client's MAC In radcheck I have for example a user "John" with attribute Calling-Station-id := MAC I would like freeradius to ignore username and only check table for MAC. If he found a valid MAC, then it knows that the user is "John" and it can send an Access-Accept with parameters. I know that radius can authenticate a Username with MAC. But how to make radius ignores the username? So, if Radius found no Calling-Station-id:=MAC attribute, and it has got Username, then it has to authenticate user using username and password. :) Is it possible? And if not would you advice me another solution? Thanks, Best regards, CoMeC :) On Wed, 12 Dec 2007 13:13:34 +0100, "Edvin Seferovic" <edvin.seferovic@kolp.at> wrote:
Authorization via MAC Address (with no username required)
This is being done by your NAS ! Username is usually the MAC address.
if the machine is using a valid IP Address, it is automatically allowed to surf. (I know there is a Calling-Station-id attribute in radcheck)
IP address has to be given by DHCP or your NAS. FreeRADIUS has nothing to do with the firewall rules ( NAT etc ).
But I need also a support for username/password authentification (via WWW) too.
This also depends on your NAS !
When I try to log in only with MAC, I get a Radius responce "no username", and the machine is denied.
Run freeradius in debug mode ( freeradius -X ) and see what attribute is used for MAC address and use it as i.e. username.
You should send us more information about your NAS. Nobody will be able to help you in other case.
Regards, E:S
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html