Mac based auth

Alan DeKok aland at
Mon Nov 27 16:38:07 CET 2006

jonr at wrote:
>>   The format is whatever format the NAS sends in the User-Name attribute.
> Thanks Alan, that helped more than you know.

  It's little things like that that make a *big* difference in setting
up a system for the first time.  And yes, I cover all of this in my
book, which will be done real soon now...

> This is what I am trying to do, I have a user in my users file, before they are
> allowed to authenticate I want to also check that the MAC address sent in the
> Calling-Station-Id matches what is in the users file. So I would check not only
> for the username/passowrd but also that the MAC was the same for that user.

  i.e. each user has a pre-defined MAC they're allowed to use?

> Is checkval what I am looking for or is there a certain syntax for the users
> file that I am missing? I have read the /doc/processing_users_file, man 5 users
> and been going through the config files in the /etc/raddb. directory, with no
> success.

  You can do:

bob	Calling-Station-Id != "0001....", Auth-Type := Reject

  But that's awkward to scale to many users.

  Alan DeKok.
--       - The web site of the book - The blog

More information about the Freeradius-Users mailing list