Hi,
If I use AD or SQL, can I write a script to accomplish the logic I need so I don't have to type in each individual MAC as UN/PW in the database? It still sounds like I need to (for example in AD) manully input each of them in the database. Can you please give me details about how to implement it in this case?
for using AD - not without difficulty because it will want both bits. you could use FreeRADIUS itself and a bit of unlang...for example. if you really dont care about the actual MAC address? in which case you could use unlang to check if its a MAC address ..and that its come from a particular group of switches eg something like authorise { if("%{User-Name}" =~ /[0-9a-z]{12}/i && "%{Huntgroup-Name}" == "MAB-switches"){ update control { Auth-Type := MAB } ok = return } } authenticate { Auth-Type MAB { ok } } you can then add the bits into unlang for post-auth for returning the correct VLAN. with older MAB you could do simple User-Name == Cleartext-Password - but with MD5 now in play I think you then enter the world of PERL or python on the FR box to deal with that. PS my example was just roughly typed up - there may well be errors and it'll only work if you've got eg MAB-switches NAS-IP-Address == 172.16.1.4 MAB-switches NAS-IP-Address == 172.16.1.5 MAB-switches NAS-IP-Address == 172.16.1.6 in the raddb/huntgroups file (and ensure preprocess module is called before the unlang in authorise section! alan