Mac auth configuration
Phil Mayers
p.mayers at imperial.ac.uk
Sat Sep 9 13:53:12 CEST 2006
Vineet Verma wrote:
> Hi,
> I have been able to configure FreeRadius to successfully authenticate
> a client based on the MAC address with entries like:
>
> 00-0c-41-5f-91-4b Auth-Type := Local, User-Password == "00-0c-41-5f-91-4b"
> Acct-Interim-Interval = 60
>
> Is there any way to configure it so I don't have to list every client?
> For example can I have some kind of glob as follows, say for all clients
> with OUI 00-0c-41:
>
> 00-0c-41-* Auth-Type := Local, User-Password == "00-0c-41-5f-91-4b"
> Acct-Interim-Interval = 60
>
> If not, how do I do something like this?
Try:
DEFAULT User-Name =~ "00-0c-41-..-..-..", Auth-Type := Accept
Acct-Interim-Interval = 60
If this is a multi-NAS server (e.g. dialup+802.1x+macauth) you'll want
to put more checks on the first line e.g. NAS-Port-Type == Ethernet,
Huntgroup-Name == "mac-auth-switches" to avoid the minor security hole
of a user on the other NASes being able to set their username to a MAC
address.
>
> Thanks,
> Vineet
>
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list