Mac auth configuration
Vineet Verma
vverma at trapezenetworks.com
Mon Sep 11 21:08:05 CEST 2006
Thanks a lot! That worked.
-Vineet
Phil Mayers wrote:
> Vineet Verma wrote:
>> Hi,
>> I have been able to configure FreeRadius to successfully
>> authenticate a client based on the MAC address with entries like:
>>
>> 00-0c-41-5f-91-4b Auth-Type := Local, User-Password == "00-0c-41-5f-91-4b"
>>     Acct-Interim-Interval = 60
>>
>> Is there any way to configure it so I don't have to list every
>> client? For example can I have some kind of glob as follows, say for
>> all clients with OUI 00-0c-41:
>>
>> 00-0c-41-* Auth-Type := Local, User-Password == "00-0c-41-5f-91-4b"
>>     Acct-Interim-Interval = 60
>>
>> If not, how do I do something like this?
>
> Try:
>
> DEFAULT User-Name =~ "00-0c-41-..-..-..", Auth-Type := Accept
>     Acct-Interim-Interval = 60
>
> If this is a multi-NAS server (e.g. dialup+802.1x+macauth) you'll want
> to put more checks on the first line e.g. NAS-Port-Type == Ethernet,
> Huntgroup-Name == "mac-auth-switches" to avoid the minor security hole
> of a user on the other NASes being able to set their username to a MAC
> address.
>
>>
>> Thanks,
>> Vineet
>>
>> - List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
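
Added example (not part of the original thread and not FreeRADIUS code): a small Python model of how the DEFAULT entry from the reply above matches requests, with and without the extra NAS-Port-Type and Huntgroup-Name checks it suggests. It assumes `=~` behaves as an unanchored, case-sensitive regex search; the NAS addresses, the "dialup" huntgroup, the sample requests and the anchored regex are constructed for illustration.

```python
import re

# Constructed huntgroups data: NAS-IP-Address -> Huntgroup-Name (hypothetical addresses).
HUNTGROUPS = {"192.0.2.10": "mac-auth-switches", "192.0.2.20": "dialup"}

# Regex exactly as posted in the reply; modelled as an unanchored search (assumption).
LOOSE_RE = re.compile(r"00-0c-41-..-..-..")
# Assumed tightening, not from the thread: anchored, lowercase hex digits only.
STRICT_RE = re.compile(r"^00-0c-41(-[0-9a-f]{2}){3}$")


def loose_entry(req):
    """DEFAULT User-Name =~ "00-0c-41-..-..-..", Auth-Type := Accept"""
    return LOOSE_RE.search(req["User-Name"]) is not None


def strict_entry(req):
    """Same entry plus NAS-Port-Type == Ethernet and Huntgroup-Name checks."""
    group = HUNTGROUPS.get(req["NAS-IP-Address"])  # huntgroup derived from the NAS
    return (STRICT_RE.search(req["User-Name"]) is not None
            and req["NAS-Port-Type"] == "Ethernet"
            and group == "mac-auth-switches")


def request(user, port_type, nas_ip):
    return {"User-Name": user, "NAS-Port-Type": port_type, "NAS-IP-Address": nas_ip}


# Constructed Access-Request attribute sets.
REQUESTS = {
    # Genuine MAC auth from a switch in the mac-auth huntgroup.
    "switch_mac": request("00-0c-41-5f-91-4b", "Ethernet", "192.0.2.10"),
    # The case the reply warns about: a MAC-shaped username arriving via another NAS.
    "dialup_mac_username": request("00-0c-41-aa-bb-cc", "Async", "192.0.2.20"),
    # Different OUI: no entry should match.
    "switch_other_oui": request("00-0d-41-5f-91-4b", "Ethernet", "192.0.2.10"),
    # Extra characters around the MAC: only an unanchored regex matches.
    "switch_padded_name": request("x00-0c-41-5f-91-4bx", "Ethernet", "192.0.2.10"),
}


def evaluate():
    """Return {request name: (loose entry matched, strict entry matched)}."""
    return {name: (loose_entry(r), strict_entry(r)) for name, r in REQUESTS.items()}


if __name__ == "__main__":
    for name, (loose, strict) in evaluate().items():
        print(f"{name:22} loose={loose!s:5} strict={strict}")
```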