authentication by DHCP-request
Alan DeKok
aland at deployingradius.com
Mon Nov 19 13:48:42 CET 2007
Thorsten Leiser wrote:
> we're just implementing port security with freeradius 1.1.6. For our
> XP-Boxes we'll use the built in 802.1x-supplicant. But there are some
> dumb thinclients without any supplicants available. Fortunately, we're
> able to modify the User Class option (option 77) within the dhcp-request
> of these thinclients. So, we're trying to authenticate the clients by
> using the modified dhcp-request.
That requires modified clients, and DHCP servers.
A better approach is to look for something like MAC authentication
Bypass in Cisco switches. If the client doesn't do 802.1x within a
certain time, the switch sends a RADIUS request containing the MAC address.
> Do you have an idea how we can use this modified dhcp-request to
> authenticate angainst our radius server? Or any other idea?
Modifying DHCP isn't a good idea.
Alan DeKok.
More information about the Freeradius-Users
mailing list