MAC Auth (new problem)

tnt at kalik.net tnt at kalik.net
Mon Dec 15 23:25:49 CET 2008 

To be fair, there probably is a way to create an unlang hack (are we
going to advocate unlang auth now) that can tie up mac address from the
user entry with the one in the mac auth request (regexp check if
username is mac address; if it is see if there is such mac address in
the database and force Auth-Type Accept; there was some mention of the
password, but that can be sorted as well) without breaking everything
else on the server.

But why? If you can create user entry and add mac address as an attribute
value it requires minimal effort on user admin side to create an entry
with mac address as username value at the same time. A simple additional
insert. Even if it is a closed code solution that you can't change, you
can always make two entries - one for the user as username and one with
mac address as username.

Be honest, if your user admin application can't do what you want, should
you:

- hack your radius server?

- hack your user admin application?

It is credit to the quality and flexibility of Freeradius that messing
with the radius server comes up as an option at all.

Ivan Kalik
Kalik Informatika ISP

Dana 15/12/2008, "Leigh Martell" <leigh.martell at gmail.com> piše:

>Well thats not entirely true; you can create an association table(if thats
>the right term) which has id,username, mac and then edit your query with
>some joins and additional magic...I would not suggest this but it is
>possible just very messy. I would highly recommend doing this the
>traditional way...at least if you value your sanity ;-).
>
>--
>Leigh
>
>On Mon, Dec 15, 2008 at 4:22 PM, <tnt at kalik.net> wrote:
>
>> >In my case I can't look for MAC in Username field and I have to look for
>> >that mac in Value field. Hope that have a way to make this happens.
>> >
>>
>> You don't seem to get the problem. You have set up your AP to do mac
>> authentication. When you do that, mac address is sent in the username
>> filed. If you don't want that, don't set your AP to do mac auth. Set
>> it to do user authentication. When you are doung user auth, mac address
>> should appear as Calling-Station-Id (should).
>>
>> There is *nothing* you can do in freeradius that will make your AP do
>> this. You have to configure the AP to do that.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>

More information about the Freeradius-Users mailing list