You're right! I have already managed to generate certificates and for users to connect to the Wi-Fi using EAP-TLS, what I need is to be able to restrict that any equipment does not connect to the network even if it has the imported certificate, only those that are declared the MAC in a base MySQL, PostgreSQL or LDAP data. El lun., 7 de sep. de 2020 a la(s) 11:54, Alan DeKok ( aland@deployingradius.com) escribió:
On Sep 7, 2020, at 9:54 AM, Ariel García Reyes <ariel100cfg@gmail.com> wrote:
Hi I am implementing a Freeradius server to authenticate Wifi
connections.
I want to configure the authentication to be EAP-TLS and to be able to filter that the MAC of the device matches the authorized one stored somewhere, domain controller, database, file, etc., taking into account that a user could be authorized to use several teams.
What database are you using? That makes a difference.
And what does it mean to have a "user authorized to use several teams"?
In general, this kind of thing is relatively simple. Get EAP-TLS working first. Then, add MAC checks.
But the details matter. You can't just say "some database somwhere", and expect a useful answer.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ________________________________________________ Lic. Ariel García Reyes. GNU/Linux Registered User #357058