MAC Auth (new problem)

Leigh Martell leigh.martell at
Tue Dec 16 04:19:57 CET 2008

Does your WISP run off this same instance of FreeRadius or just using a
common database?

To elaborate on the dilemma; if you configure your freeradius to check the
attribute column for the MAC address how would you find the users password
since that is associated with the real username not the users
attribute...see the issue? By no means am I saying this is impossible but I
am saying it would be messy/complex to do such a thing, as you would have to
set the authenticate query to grab the mac address to return a real user
name to retrieve the remainder of the "user" attributes.

My suggestion is to not hack a way for it to work but figure out a clean way
to associate MAC addresses with a useraccount. You may be able to do this by
modifying the DB schema and using ID's as pointers(not fun or efficient) but
this is obviously not an option for you, so that would than bring you back
to using unlang(can't really help you here) or a rlm_perl script(both of
these methods "should" work but with more overhead than I would feel
comfortable with)

Listen to Ivan...he is alot smarter than me just not always as polite :-p
but always makes very good points. The last thing I have to say is that the
immediately cheapier way is not always the best way; invest in doing things
right and find an appropriate middle ground. Anyways I hope we have helped
point you in somewhat of the right have alot of late nights
ahead of you so take care.


2008/12/15 Nataniel Klug <nata at>

>  Leigh and Ivan,
> I have a system that works on my WISP and this program is not hackable
> (economic reasons -- this would cost too much to alter). As I already have
> all my clients MAC address into radcheck table (as a value for
> Calling-Station-Id) why can't I use this MAC to authenticate it in my
> NAS/AP? This is my question. Why can't I look for the MAC in another colum
> besides "Username" colum? There should be some way cheaper to me...
> Leigh Martell escreveu:
> I completely agree with you! I am still curious to why adding a user is not
> an option though. Hopefully we will be "enlightened" as to why it is not an
> option.
> 2008/12/15 <tnt at>
>> - hack your radius server?
>> - hack your user admin application?
>> It is credit to the quality and flexibility of Freeradius that messing
>> with the radius server comes up as an option at all.
>> Ivan Kalik
>> Kalik Informatika ISP
> --
> Att,
> Cyber Nett - Internet Banda
> (42) 3635-2957
> Rua Diogo Pinto, 1046, Centro
> Laranjeiras do Sul - PR
> Brasil - 85301-290
> "... também os sábios possuem coração tangível e podem, por vezes, usar da ciência como meio de demonstrar impressões sentimentais de que muitos não os julgam suscetíveis."
> Visconde de Taunay
> -
> List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list