Hi List Members How can we do EAP authentication & MAC address look up in addition (stored in MySQL DBMS) before accepting? Thanks
On 17/06/14 16:07, Russell Mike wrote:
Hi List Members
How can we do EAP authentication & MAC address look up in addition (stored in MySQL DBMS) before accepting?
This question is very vague. Please be more specific. The literal answer is "put an SQL lookup into your config" but this doesn't help you. Here's an example of something you might do: authorize { ... if (EAP-Message && Calling-Station-Id) { # some SQL query to find out which username # is allowed for this MAC address update control { Tmp-String-0 := "%{sql: ... where mac='%{Calling-Station-Id}'}" } if (control:Tmp-String-0 != "%{User-Name}") { # this username isn't allowed from this mac reject } } ... eap } If you want a more specific example, please ask a more specific question.
Thanks Phil Thanks, that is what i was asking. You have answered it right. Grateful!!!! But i will explain the case We are small wireless ISP (500 customers) We have several base stations across city. Where Motorola AP's are covering 360 Degrees. Customer are connecting using Motorola SM, We point SM to the direction of AP. Motorola supports EAP authentication, which have been configured, alright. But This has been noticed that someone (anyone) can point the SM to the direction of AP and get access to our network. Which we are secureing using EAP authentication. But we want to use MAC authorize, if MAC is not in database = reject. or i should say how can i authorize a SM using calling-station-id (MAC of SM) Thanks for your advice earlier. RM -- On Tue, Jun 17, 2014 at 3:21 PM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 17/06/14 16:07, Russell Mike wrote:
Hi List Members
How can we do EAP authentication & MAC address look up in addition (stored in MySQL DBMS) before accepting?
This question is very vague. Please be more specific.
The literal answer is "put an SQL lookup into your config" but this doesn't help you.
Here's an example of something you might do:
authorize { ... if (EAP-Message && Calling-Station-Id) { # some SQL query to find out which username # is allowed for this MAC address update control { Tmp-String-0 := "%{sql: ... where mac='%{Calling-Station-Id}'}" } if (control:Tmp-String-0 != "%{User-Name}") { # this username isn't allowed from this mac reject } } ... eap }
If you want a more specific example, please ask a more specific question. - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
participants (2)
-
Phil Mayers -
Russell Mike