Yaƫl Rozanes <irozanes387@hotmail.fr>:
I think I understand what you recommend, for now I authenticate my supplicant with an id/mdp couple ( that I get on a Ldap server) in EAP-TTLS but I would have liked to do the same with only the mac address using for example a MySQL database
Ah, this is different than what I understood. If you are using EAP-TTLS to do this your supplicant will still have to do some sort of inner authentication. For example, you could use a hard-coded Clear-Text-Password on the FreeRADIUS side for all hosts and set your supplicants all to use that password, and then use the Calling-Station-Id for authentication and authorization decisions. This is fairly weak from a security standpoint, but doable. Normal practice is to use a real password and use the Calling-Station-Id only for authorization purposes.
If I understand correctly, you advise me to use another field of my ldap which would contain my @mac and to link it to the attribute "Calling-Station-Id"?
Should work, but you may have to write unlang statements to do what you want with the attribute. You would not necessarily want to map the LDAP attribute to Calling-Station-Id... that attribute should already be there in the request, provided by the NAS. Just grab the MAC from LDAP into any old attribute and compare them in unlang.