Problems regarding MAC address authentication
Hi, am trying to implement a WPA2 authentication system where users will be matched against the three criteria - user name - password - MAC address am using freeradius 1.0.1 with openldap 2.2.13 at its backend on CentOS 4.4 after extensively searching on google and freeradius-users mailing lists am able to do username/password authentication successfully using PEAP but am unable to get MAC authentication working and have run out of my wits myself had followed the tutorial on http://vuksan.com/linux/dot1x/802-1x-LDAP.html which worked great but am stuck on MAC address authentication. its repeatedly mentioned on mailling lists that MAC authentication is possible but i cant figure out how to do so hoping for some help thanks -- Registerd Linux User #426561 - Shobhit Jindal B.Tech. Part-III, Department Of Electronics Engineering, ITBHU INDIA
Hi, am trying to implement a WPA2 authentication system where users will be matched against the three criteria - user name - password - MAC address am using freeradius 1.0.1 with openldap 2.2.13 at its backend on CentOS 4.4 after extensively searching on google and freeradius-users mailing lists am able to do username/password authentication successfully using PEAP but am unable to get MAC authentication working and have run out of my wits myself had followed the tutorial on http://vuksan.com/linux/dot1x/802-1x-LDAP.html which worked great but am stuck on MAC address authentication. its repeatedly mentioned on mailling lists that MAC authentication is possible but i cant figure out how to do so hoping for some help thanks -- Registerd Linux User #426561 - Shobhit Jindal B.Tech. Part-III, Department Of Electronics Engineering, ITBHU INDIA
Shobhit Jindal wrote:
am using freeradius 1.0.1 with openldap 2.2.13 at its backend on CentOS 4.4
You should really upgrade. See http://freeradius.org/security.html
its repeatedly mentioned on mailling lists that MAC authentication is possible but i cant figure out how to do so
For what you want: Step 1 - Get PEAP working Step 2 - see "man rlm_passwd" Step 3 - create "group" of MAC addresses, using Calling-Station-Id rather than User-Name Step 4 - See the FAQ for rejecting requests not in a group It's a little difficult to help you in more detail when your post says "It doesn't work!". See the FAQ about that. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (3)
-
Alan DeKok -
Shobhit Jindal -
Shobhit Jindal