simple mac-auth

Phil Mayers p.mayers at imperial.ac.uk
Wed Feb 7 15:34:55 CET 2007


Mikko Husari wrote:
> Mikko Husari wrote:
>> Hi!
>>
>> I'm currently running eap-tls with username and password (from ldap), but 
>> now we're having a bunch of "stupid" wlan-client machines, and we need 
>> a simple mac-auth (from ldap?) to the network. Basic idea: (example 
>> from outside world) "so, no certificate and login credentials, can't let 
>> you in. But I'm on a vip-list! Oh, I see, come on in, sorry for 
>> inconvenience". For now we are happy to get just that to work; next 
>> level would be something concerning vlans... I think (in the long run) 
>> we don't want to have too much accessibility in those stupid machines. 
>> Poorly explained, not enough coffee in veins yet...
>>
>> thanks in advance
> Wouldn't I just be able to create a hints rule that says "if 
> calling-station-id == xx-xx-xx-xx-xx permit access", or something similar?

Yes. Like I said, it's easy.

My advice would be to use an rlm_passwd with a key of calling-station-id 
and use the authtype value on the module instance to set to Accept.

As I said, your AP still needs to support sending the MAC to Radius on 
association. I suggest you consult your AP docs.
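
The rlm_passwd approach suggested above, written out as configuration. This is an added example, not part of the original post; it uses the FreeRADIUS 1.x rlm_passwd options (`filename`, `format`, `authtype`, `hashsize`), and the instance name `mac_allow`, the file path and the sample MAC are assumptions.

```conf
# radiusd.conf, modules { } section (FreeRADIUS 1.x syntax).
# Instance name "mac_allow" and the file path are assumptions.
passwd mac_allow {
	# One MAC address per line, written exactly as the AP sends it
	# in Calling-Station-Id (constructed sample: 00-11-22-33-44-55).
	filename = /etc/raddb/mac_allow

	# "*" marks the lookup key; the file has no other fields.
	format = "*Calling-Station-Id"

	# When the key is found, set Auth-Type to Accept for the request.
	authtype = Accept

	hashsize = 100
}

# radiusd.conf, authorize { } section: list the instance so the
# lookup runs for each incoming request.
authorize {
	# ... existing modules ...
	mac_allow
}
```

The entries in the file have to match the separator and letter case the AP uses when it sends the MAC, since the lookup is an exact match on the attribute value.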


