authentication by DHCP-request

Thorsten Leiser t.leiser at synchron-is.de
Wed Nov 21 11:10:59 CET 2007


Hi Alan,

>   A better approach is to look for something like MAC authentication
> Bypass in Cisco switches.  If the client doesn't do 802.1x within a
> certain time, the switch sends a RADIUS request containing the MAC
> address.

We have more than 200 ThinClients. I'm afraid this would be unmanageable.
If a client dies and e.g. a fellow forgets to unregister the MAC address,
the MAC address table of the RADIUS server would be very messy after a few
months. Do you know a solution in which these "MAC" clients could be
managed in a foolproof way?

Regards

Thorsten

"Alan DeKok" <aland at deployingradius.com> wrote:
> Thorsten Leiser wrote:
>> we're just implementing port security with freeradius 1.1.6. For our
>> XP-Boxes we'll use the built in 802.1x-supplicant. But there are some
>> dumb thinclients without any supplicants available. Fortunately, we're
>> able to modify the User Class option (option 77) within the dhcp-request
>> of these thinclients. So, we're trying to authenticate the clients by
>> using the modified dhcp-request.
> 
>   That requires modified clients, and DHCP servers.
> 
>   A better approach is to look for something like MAC authentication
> Bypass in Cisco switches.  If the client doesn't do 802.1x within a
> certain time, the switch sends a RADIUS request containing the MAC
> address.
> 
>> Do you have an idea how we can use this modified dhcp-request to
>> authenticate against our radius server? Or any other idea?
> 
>   Modifying DHCP isn't a good idea.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


--
Thorsten Leiser
IT Systems Support
SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH
Liebknechtstr. 50
70565 Stuttgart-Vaihingen

Phone: 0711/7868-356
Fax: 0711/7868-446

www.synchron-is.de

Registered office: Stuttgart
Court of registration: Amtsgericht Stuttgart, HRB 8619
Managing Director: Michael Schober







More information about the Freeradius-Users mailing list