MAC or user auth

CoMeC comec at e-comec.com
Wed Dec 12 13:37:56 CET 2007 

Ok,

Sorry for unsufficent informations. :)

For both authentifications methods there will be 2 separate NAS (one for
username/pass auth and one for MAC auth)

As NAS I will use Mikrotik routers.

The thing is
- router will lease DHCP Address to a clients machine.
- router sends Calling-Station-id Attribute in Access-Request, so I know
the client's MAC


In radcheck I have for example a user "John" with attribute
Calling-Station-id := MAC
I would like freeradius to ignore username and only check table for MAC.
If he found a valid MAC, then it knows that the user is "John" and it can
send an Access-Accept with parameters.

I know that radius can authenticate a Username with MAC. 
But how to make radius ignores the username?

So, if Radius found no Calling-Station-id:=MAC attribute, and it has got
Username, then it has to authenticate user using username and password. :)

Is it possible? And if not would you advice me another solution?

Thanks,

Best regards,

CoMeC :)



On Wed, 12 Dec 2007 13:13:34 +0100, "Edvin Seferovic"
<edvin.seferovic at kolp.at> wrote:
>>Authorization via MAC Address (with no username required)
> 
> This is being done by your NAS ! Username is usually the MAC address.
> 
>> if the machine is using a valid IP Address, it is automatically allowed
> to
> surf.
>> (I know there is a Calling-Station-id attribute in radcheck)
> 
> IP address has to be given by DHCP or your NAS. FreeRADIUS has nothing to
> do
> with the firewall rules ( NAT etc ).
> 
>>But I need also a support for username/password authentification (via
> WWW)
> too.
> 
> This also depends on your NAS !
> 
>>When I try to log in only with MAC, I get a Radius responce "no
> username",
>>and the machine is denied.
> 
> Run freeradius in debug mode ( freeradius -X ) and see what attribute is
> used for MAC address and use it as i.e. username.
> 
> You should send us more information about your NAS. Nobody will be able
to
> help you in other case.
> 
> Regards,
> E:S
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list