Hi, I try to configure such a solution: Authorization via MAC Address (with no username required) - if the machine is using a valid IP Address, it is automatically allowed to surf. (I know there is a Calling-Station-id attribute in radcheck) But I need also a support for username/password authentification (via WWW) too. When I try to log in only with MAC, I get a Radius responce "no username", and the machine is denied. How/where in radiusd.conf can I make changes? Thx in advance, Best regards, CoMeC
Authorization via MAC Address (with no username required)
This is being done by your NAS ! Username is usually the MAC address.
if the machine is using a valid IP Address, it is automatically allowed to surf. (I know there is a Calling-Station-id attribute in radcheck)
IP address has to be given by DHCP or your NAS. FreeRADIUS has nothing to do with the firewall rules ( NAT etc ).
But I need also a support for username/password authentification (via WWW) too.
This also depends on your NAS !
When I try to log in only with MAC, I get a Radius responce "no username", and the machine is denied.
Run freeradius in debug mode ( freeradius -X ) and see what attribute is used for MAC address and use it as i.e. username. You should send us more information about your NAS. Nobody will be able to help you in other case. Regards, E:S
MAC address in mac auth is sent as User-Name not Calling-Station-Id. So, for mac auth: some-mac-add-ress Auth-Type := Accept For a user: username Clertext-Password := "hispassword" Ivan Kalik Kalik Informatika ISP Dana 12/12/2007, "CoMeC" <comec@e-comec.com> piše:
Hi,
I try to configure such a solution:
Authorization via MAC Address (with no username required) - if the machine is using a valid IP Address, it is automatically allowed to surf. (I know there is a Calling-Station-id attribute in radcheck)
But I need also a support for username/password authentification (via WWW) too.
When I try to log in only with MAC, I get a Radius responce "no username", and the machine is denied.
How/where in radiusd.conf can I make changes?
Thx in advance,
Best regards,
CoMeC
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok, thanks, so in radreply I have to use: some-mac-address Attribute Op Value ? Thx, CoMeC On Wed, 12 Dec 2007 13:17:41 +0100, <tnt@kalik.co.yu> wrote:
MAC address in mac auth is sent as User-Name not Calling-Station-Id.
So, for mac auth:
some-mac-add-ress Auth-Type := Accept
For a user:
username Clertext-Password := "hispassword"
Ivan Kalik Kalik Informatika ISP
Dana 12/12/2007, "CoMeC" <comec@e-comec.com> piše:
Hi,
I try to configure such a solution:
Authorization via MAC Address (with no username required) - if the machine is using a valid IP Address, it is automatically allowed to surf. (I know there is a Calling-Station-id attribute in radcheck)
But I need also a support for username/password authentification (via WWW) too.
When I try to log in only with MAC, I get a Radius responce "no username", and the machine is denied.
How/where in radiusd.conf can I make changes?
Thx in advance,
Best regards,
CoMeC
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No, radcheck. 1. Enable mac auth in hotspot profile (login-by=mac) - mac address will be checked first, if there is no match user will be sent to the login form 2. For mac addresses make such entries in radcheck: UserName Attribute Op Value some-mac-address Auth-Type := Accept 3. For users make stanard radcheck entries: UserName Attribute Op Value someuser Cleartext-Password := somepass Ivan Kalik Kalik Informatika ISP Dana 12/12/2007, "CoMeC" <comec@e-comec.com> piše:
Ok,
thanks,
so in radreply I have to use:
some-mac-address Attribute Op Value
?
Thx,
CoMeC
On Wed, 12 Dec 2007 13:17:41 +0100, <tnt@kalik.co.yu> wrote:
MAC address in mac auth is sent as User-Name not Calling-Station-Id.
So, for mac auth:
some-mac-add-ress Auth-Type := Accept
For a user:
username Clertext-Password := "hispassword"
Ivan Kalik Kalik Informatika ISP
Dana 12/12/2007, "CoMeC" <comec@e-comec.com> piĹĄe:
Hi,
I try to configure such a solution:
Authorization via MAC Address (with no username required) - if the machine is using a valid IP Address, it is automatically allowed to surf. (I know there is a Calling-Station-id attribute in radcheck)
But I need also a support for username/password authentification (via WWW) too.
When I try to log in only with MAC, I get a Radius responce "no username", and the machine is denied.
How/where in radiusd.conf can I make changes?
Thx in advance,
Best regards,
CoMeC
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks, What I ment with radreply, is the fact, that when the MAC user is authentificated by RADIUS, Radius should send for example bandwith values. So I need to have those some-mac-address Attribute Op Value in radreply table. Am I wrong? All is want to achieve is: I would like to have Abo-Users (time limitation for one month), with a specified bandwidth parameters. The thing is that users can have more computers. That is why I would like to authenticate those computers with MAC, but they should work simultanously using together specified bandwidth. (there is a simultanous option :) ) Practically: one billing user with specified bandwidth, but with no computer limitation, and with no user/password authentification at the same time. Only for real hotspot users, there will be a user and password. But it will be handled by another NAS. Everything will work with the use of Mikrotik routers :) Any other possibilities to solve that problem? :) Best regards, CoMeC On Wed, 12 Dec 2007 14:17:10 +0100, <tnt@kalik.co.yu> wrote:
No, radcheck.
1. Enable mac auth in hotspot profile (login-by=mac) - mac address will be checked first, if there is no match user will be sent to the login form
2. For mac addresses make such entries in radcheck:
UserName Attribute Op Value some-mac-address Auth-Type := Accept
3. For users make stanard radcheck entries:
UserName Attribute Op Value someuser Cleartext-Password := somepass
Ivan Kalik Kalik Informatika ISP
Dana 12/12/2007, "CoMeC" <comec@e-comec.com> piše:
Ok,
thanks,
so in radreply I have to use:
some-mac-address Attribute Op Value
?
Thx,
CoMeC
On Wed, 12 Dec 2007 13:17:41 +0100, <tnt@kalik.co.yu> wrote:
MAC address in mac auth is sent as User-Name not Calling-Station-Id.
So, for mac auth:
some-mac-add-ress Auth-Type := Accept
For a user:
username Clertext-Password := "hispassword"
Ivan Kalik Kalik Informatika ISP
Dana 12/12/2007, "CoMeC" <comec@e-comec.com> piĹĄe:
Hi,
I try to configure such a solution:
Authorization via MAC Address (with no username required) - if the machine is using a valid IP Address, it is automatically allowed to surf. (I know there is a Calling-Station-id attribute in radcheck)
But I need also a support for username/password authentification (via WWW) too.
When I try to log in only with MAC, I get a Radius responce "no username", and the machine is denied.
How/where in radiusd.conf can I make changes?
Thx in advance,
Best regards,
CoMeC
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Everything will work with the use of Mikrotik routers :)
I would seriously doubt that. In order to limit aggregate bandwidth on multiple connections you need either to add them into a bundle (I don't that Mikrotik supports multilink) or put the user in a VLAN and limit bandwidth on that (virtual) interface (I am quite sure that Mikrotik doesn't support dynamic VLAN assignment via radius). With simultaneous logins aggregate bandwidth will be the sum of individual ones. Ivan Kalik Kali Informatika ISP
Hi, thanks for a hint. I do not know detailed possibilities of that thing. Only theoretically... I will get the router next week and I will start some tests... I will let you know what I will find out! :) Bandwith aspect is important, but not critical. It is important to make it easy to manage. I would like to know what possibilities I have, so I could integrate everything in my actual billing/management system. I try to understand the possibilities of groups and how I can use them to efficently manage my clients... Thx, Best regards, CoMeC On Wed, 12 Dec 2007 22:10:55 +0100, <tnt@kalik.co.yu> wrote:
Everything will work with the use of Mikrotik routers :)
I would seriously doubt that. In order to limit aggregate bandwidth on multiple connections you need either to add them into a bundle (I don't that Mikrotik supports multilink) or put the user in a VLAN and limit bandwidth on that (virtual) interface (I am quite sure that Mikrotik doesn't support dynamic VLAN assignment via radius).
With simultaneous logins aggregate bandwidth will be the sum of individual ones.
Ivan Kalik Kali Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
CoMeC -
Edvin Seferovic -
tnt@kalik.co.yu