simple mac-auth
Phil Mayers
p.mayers at imperial.ac.uk
Wed Feb 7 15:34:55 CET 2007
Mikko Husari wrote:
> Mikko Husari wrote:
>> Hi!
>>
>> im currently running eap-tls with username and password (from ldap), but
>> now we're having a bunch of "stupid" wlan-client machines, and we need
>> an simple mac-auth (from ldap?) to the network. basic idea: (example
>> from outside world) "so, no certificate and login credentials, cant let
>> you in. but im on an vip-list!. Oh, i see, come on in, sorry for
>> inconvenience", for now we are happy to get just that to work, next
>> level would be something concerning vlans... i think (in the long run)
>> we don't want to have too much accessibility in those stupid machines.
>> poorly explained, not enough coffee in veins yet...
>>
>> thanks in advance
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
> Wouldn't i just be able to create hints rule that says "if
> calling-station-id == xx-xx-xx-xx-xx permit access" , or something similar?
Yes. Like I said, it's easy.
My advice would be to use an rlm_passwd with a key of calling-station-id
and use the authtype value on the module instance to set to Accept.
As I said, your AP still needs to support sending the MAC to Radius on
association. I suggest you consult your AP docs.
More information about the Freeradius-Users
mailing list