authentication by DHCP-request

Alan DeKok aland at deployingradius.com
Wed Nov 21 11:48:48 CET 2007


Thorsten Leiser wrote:
> We have more than 200 ThinClients. I'm afraid, this would be unmanagable.
> If a Client dies and e.g. a fellow forgets to unregister the MAC-Address,
> the MAC-Address table of the radius server would be very messy after a few
> months.

  Huh?  What do you mean by that?

  If you don't have Cisco switches, this discussion is pointless.  If
you do have Cisco switches, they will authenticate the MAC address as a
known device.  This is no different than authenticating the
user/password as a known user.

  I have no idea what you mean by "unregister MAC address".  There is no
unregistering process needed, and I didn't talk about one.

  I have no idea what you mean by the "MAC address table getting messy".
 I made no mention of a MAC address table.  I made no mention of updates
to a MAC address table.

  You seem to have assumed a LOT about how MAC authentication bypass
works.  Forget all of those assumptions.  They're wrong.

  MAC authentication just works by authenticating the MAC address.  Just
like users.  Do normal users have to unregister?  Does the user/password
table get "messy" after people authenticate?

  No.

  Alan DeKok.



More information about the Freeradius-Users mailing list