radius server and MAC authentication for wireless
Alan DeKok
aland at deployingradius.com
Fri Nov 2 14:43:44 CET 2007
Shawn Adams wrote:
> I've noted that some wireless APs using MAC/MAC authentication send the
> MAC in the form:
...
> The last seems most prevelent.
For your systems. Others vary.
The RFC's suggest one format, but who follows standards?
> Is there a method to configure $RADIUS/user.conf or $RADIUS/radiusd.conf
> (or other file) to allow the radius to authenticate *both* with one user
> entry ?
There is no "user.conf" file. This is about computers: precision helps.
> I guess I'm thinking about a user.conf entry which allows PC_X to attach
> to Access_point_A and authenticate when the userid/password is sent
> 112233445566 *and* allow the same PC, when roaming to Access_point_B to
> authenticate with 11-22-33-44-55-66 using only one users.conf entry.
You can use regular expressions in the "hints" file to re-write the
MAC address into some kind of normal format.
DEFAULT Attribute-With-Mac =~
"([0-9a-fA-F]{2}):([0-9a-fA-F]{2}):([0-9a-fA-F]{2}):([0-9a-fA-F]{2}):([0-9a-fA-F]{2}):([0-9a-fA-F]{2})"
Attribute-With-Mac = "%{1}-%{2}-%{3}-%{4}-%{5}-%{6}"
etc.
Alan DeKok.
More information about the Freeradius-Users
mailing list