simple mac-auth
Mikko Husari
husku at husku.net
Wed Feb 7 11:56:33 CET 2007
Phil Mayers wrote:
> Mikko Husari wrote:
>
>> Hi!
>>
>> im currently running eap-tls with username and password (from ldap), but
>> now we're having a bunch of "stupid" wlan-client machines, and we need
>> an simple mac-auth (from ldap?) to the network. basic idea: (example
>> from outside world) "so, no certificate and login credentials, cant let
>> you in. but im on an vip-list!. Oh, i see, come on in, sorry for
>> inconvenience", for now we are happy to get just that to work, next
>>
>
> Most APs will require a separate SSID for this I think - your MAC-auth
> one will need to be unauthenticated and the 802.1x one WPA (or whatever)
> and the beacon frames will reflect that.
>
> Having said that, assuming your AP can authenticate the MACs against
> radius (many can - Ciscos can) then FreeRadius can do it fine, it's very
> simple. Do you have a specific question?
>
>
>> level would be something concerning vlans... i think (in the long run)
>>
>
> Again, provided the AP supports it, easy.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
well, im not so sure the ap-supports mac-auth using radius... it is
zyxel zyair g-1000, manual did not say anything about radius+mac, other
sort of radius is supported (has to be cause it works)
More information about the Freeradius-Users
mailing list