SQL Mac-Authentication based on Call-Check

florian broder flobroed at googlemail.com
Thu Nov 24 09:34:39 CET 2005


Hi.
Thanks for your thoughts.

On 11/23/05, Alan DeKok <aland at ox.org> wrote:
>
> florian broder <flobroed at googlemail.com> wrote:
> > The only thing I'm currently unaware of is, where I can tell freeradius
> to
> > use Call-Check together with mysql, I think it's somewhere in sql.conf?
>
>   No, it's also in the "radcheck" table.


Ok, instead of a password I use Atribute "Calling-Station-ID" with Value
<mac-address>?

> Only thing that need to be done IMO is to tell radius, that there is no
> > username and authentication needs to be done on a caller-id basis.
>
>   In radcheck, also set "Auth-Type := Accept" if the MAC & Call-Check
> match.


Can you tell me, how to do that? I mean, setting Auth-Type when it matches?

radcheck:
username: ?? (there isn't any! --> use DEFAULT?)
attribute 1: calling-station-id
value 1: mac
attribute 2: service-type
value2: 10 (call-check)
attribute 3: auth-type
value 3: accept

Is that ok?

But how has the authorize_check_query to be done?

--
Tha Radius should be used ONLY for Mac-Authentication internally (just our
LAN). Idea is, that a Switch-Port (VLAN, Access or trunk...) is configured
by a script depending on the connecting mac-address.

As I've said, I haven't deployed freeradius yet, so maybe the next question
is really stupid...

In sql.conf. "authorize_check_query" takes all values (belonging to a
user-name) from radcheck and tries to match them with the attributes which
have been sent?!

But the Switch definitely sends NO user-name, i've checked that with
Ethreal.
I still don't understand, how sql-config should be done, if there _isn't_
any username, just a caller id.

Thanks a lot i advance, and really sorry for stealing your time!

Bye
Flo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051124/898b8cf1/attachment.html>


More information about the Freeradius-Users mailing list