MAC authorisation (but not authentication) via LDAP

Martin Whinnery martin.whinnery at
Sun Feb 25 00:51:52 CET 2007


Probly just me not understanding...

What I want is for our switches to only allow access to MAC addresses in 
our LDAP database.

I don't want to store passwords on our LDAP host entries.

I'm set up to check LDAP during authorisation, and it correctly returns 
authorised / not authorised depending on whether the appropriate 
attribute contains the right value.

The trouble comes with authentication - either I set Auth-Type := 
Accept, in which case and failed authorisation is overridden, or I allow 
authentication to carry on against LDAP ( or System, or whatever ), in 
which case it fails always and access is denied, even for authorised MACs.

Is there a way to make the Authorisation part final and authoritative?

As I say, probly just being stoopid.


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Freeradius-Users mailing list