SQL Mac-Authentication based on Call-Check
florian broder
flobroed at googlemail.com
Wed Nov 23 11:54:23 CET 2005
Hello.
I'm currently working on my diploma thesis, and I'm sorting some things out
at the moment.
The task is, to authenticate mac-adresses through a cisco catalyst 6500. A
pretty new feature called "mac-authentication-bypass" is available in CatOS
and works well with Cisco ACS 4.0 beta. Due to our demands we want to deploy
freeradius, with a mysql database.
It works like that. The switch sends an Access-Request with the connecting
MAC in the Caller-ID Field and Sevice Type is set to "10", hence "Call
Ceck". Radius now authenticates the users on a given MAC (Caller ID) instead
of a user/password.
I haven't set up freeradius yet, but I'm slighty familar with the settings
that have to be done. In table "radcheck" I create attribute
"Calling-Station-ID" with value "MAC-Address" (f.e. ff-ee-11-22-33-44), this
value will be checked against.
I also have to edit the sql.conf (user, database etc) and telling
radiusd.conf to use sql in the "authorise" section. I'm sticking to the
Freeradius MySQL howto by Scott Bartlett for that. :)
The only thing I'm currently unaware of is, where I can tell freeradius to
use Call-Check together with mysql, I think it's somewhere in sql.conf?
Only thing that need to be done IMO is to tell radius, that there is no
username and authentication needs to be done on a caller-id basis.
Any thoughts?
Thanks in advance.
Bye Florian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051123/e92fd8cd/attachment.html>
More information about the Freeradius-Users
mailing list