MAC Auth (new problem)

tnt at kalik.net tnt at kalik.net
Tue Dec 16 10:34:27 CET 2008


I can't possibly imagine that there can be any reason for not adding mac
address as another user apart from being lazy.

Ivan Kalik
Kalik Informatika ISP


On 16/12/2008, "Leigh Martell" <leigh.martell at gmail.com> wrote:

>I completely agree with you! I am still curious as to why adding a user is not
>an option though. Hopefully we will be "enlightened" as to why it is not an
>option.
>
>2008/12/15 <tnt at kalik.net>
>
>> To be fair, there probably is a way to create an unlang hack (are we
>> going to advocate unlang auth now) that can tie up mac address from the
>> user entry with the one in the mac auth request (regexp check if
>> username is mac address; if it is see if there is such mac address in
>> the database and force Auth-Type Accept; there was some mention of the
>> password, but that can be sorted as well) without breaking everything
>> else on the server.
>>
>> But why? If you can create user entry and add mac address as an attribute
>> value it requires minimal effort on user admin side to create an entry
>> with mac address as username value at the same time. A simple additional
>> insert. Even if it is a closed code solution that you can't change, you
>> can always make two entries - one for the user as username and one with
>> mac address as username.
>>
>> Be honest, if your user admin application can't do what you want, should
>> you:
>>
>> - hack your radius server?
>>
>> - hack your user admin application?
>>
>> It is a credit to the quality and flexibility of Freeradius that messing
>> with the radius server comes up as an option at all.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> On 15/12/2008, "Leigh Martell" <leigh.martell at gmail.com> wrote:
>>
>> >Well that's not entirely true; you can create an association table (if that's
>> >the right term) which has id, username, mac and then edit your query with
>> >some joins and additional magic...I would not suggest this but it is
>> >possible just very messy. I would highly recommend doing this the
>> >traditional way...at least if you value your sanity ;-).
>> >
>> >--
>> >Leigh
>> >
>> >On Mon, Dec 15, 2008 at 4:22 PM, <tnt at kalik.net> wrote:
>> >
>> >> >In my case I can't look for MAC in Username field and I have to look for
>> >> >that mac in Value field. Hope there is a way to make this happen.
>> >> >
>> >>
>> >> You don't seem to get the problem. You have set up your AP to do mac
>> >> authentication. When you do that, mac address is sent in the username
>> >> field. If you don't want that, don't set your AP to do mac auth. Set
>> >> it to do user authentication. When you are doing user auth, mac address
>> >> should appear as Calling-Station-Id (should).
>> >>
>> >> There is *nothing* you can do in freeradius that will make your AP do
>> >> this. You have to configure the AP to do that.
>> >>
>> >> Ivan Kalik
>> >> Kalik Informatika ISP
>> >>
>> >> -
>> >> List info/subscribe/unsubscribe? See
>> >> http://www.freeradius.org/list/users.html
>> >>
>> >
>> >
>>
>>
>
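
The "simple additional insert" suggested in this thread, sketched as an added example that is not code from any of the posters or from the FreeRADIUS project: the user-admin side writes the normal user entry and a second entry with the MAC address as username in one transaction. Assumptions: the table uses the column layout of FreeRADIUS's stock `radcheck` table, SQLite stands in for the real database, the AP sends the MAC as 12 lowercase hex digits in both User-Name and the password, and the user name, password and MAC are constructed sample values.

```python
import re
import sqlite3

# Assumed layout: same columns as FreeRADIUS's stock radcheck table.
SCHEMA = """CREATE TABLE radcheck (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL, attribute TEXT NOT NULL,
    op TEXT NOT NULL DEFAULT '==', value TEXT NOT NULL)"""

def normalize_mac(mac):
    """Strip separators and lowercase; assumed to match what the AP sends."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def provision(db, username, password, mac):
    """Create the user entry and the MAC-as-username entry together."""
    mac = normalize_mac(mac)
    rows = [
        (username, "Cleartext-Password", ":=", password),
        (username, "Calling-Station-Id", "==", mac),
        # The additional insert: a MAC auth request carries the MAC in
        # User-Name (and, assumed here, as the password too).
        (mac, "Cleartext-Password", ":=", mac),
    ]
    with db:  # one transaction: all rows are committed, or none
        db.executemany(
            "INSERT INTO radcheck (username, attribute, op, value) "
            "VALUES (?, ?, ?, ?)", rows)
    return mac

def check_items(db, user_name):
    """Rows a lookup keyed on User-Name would return for this request."""
    cur = db.execute(
        "SELECT attribute, op, value FROM radcheck "
        "WHERE username = ? ORDER BY id", (user_name,))
    return cur.fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    mac = provision(db, "alice", "constructed-secret", "00-1A-2B-3C-4D-5E")
    # First lookup: user auth request; second: MAC auth request.
    return check_items(db, "alice"), check_items(db, mac)

if __name__ == "__main__":
    for items in demo():
        print(items)
```
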



