How possible is this???

Martin MacLeod-Brown mmacleod at london.edu
Mon Nov 3 16:51:39 CET 2008


After playing around with FreeRADIUS and LDAP integration we have
decided to try and simplify things to avoid the 'big bang approach' as
we are not confident enough to go the whole way.

My current thinking for our wired network is to add the MAC-addresses of
all our desktop machines (2500 PC/laptops) into LDAP with the
MAC-address being both the user name and password.
We would then try FreeRADIUS and MAC-Authentication - how feasible is
this and are there any gotchas?

I am going to start googling the best way to do this, although most of the
links seem to relate to wireless rather than wired setups.
Can someone help by typing a simple list of the steps I need to follow
so I can google and hopefully work out how to do this?

I'm thinking:

Import the Mac addresses into LDAP
List the IP of all our edge switches in clients.conf
Configure the shared secret
Configure radiusd.conf to talk to the LDAP server - partially done
Set up switches to query the radius server

Are there any good how-tos on RADIUS and MAC-auth?

We are looking to keep things as simple as possible so we can get used
to using RADIUS before thinking about deploying 802.1x, and I am
desperate to avoid having to use IAS.

Many thanks

Martin

Martin Macleod-Brown | Infrastructure Engineer - Networks & Security
Direct line +44 (0)20 7000 7772 | Email mmacleod at london.edu

www.london.edu
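
An added example, not part of the original post: a sketch of the first step in the list above, turning an inventory of MAC addresses into LDIF entries where the MAC is both user name and password. The base DN, the object classes and the canonical MAC form (12 lowercase hex digits) are assumptions; the stored form has to match whatever the edge switches send as User-Name.

```python
import re

# Hypothetical base DN; replace with the directory's own subtree.
BASE_DN = "ou=macs,dc=example,dc=org"

def normalize_mac(raw):
    """Strip common separators and return 12 lowercase hex digits.
    Assumed canonical form; it must match what the switch sends."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def ldif_entry(mac):
    """One LDIF entry with the MAC as both uid and userPassword.
    Object classes are an assumption (standard cosine/core schema)."""
    return "\n".join([
        f"dn: uid={mac},{BASE_DN}",
        "objectClass: account",
        "objectClass: simpleSecurityObject",
        f"uid: {mac}",
        f"userPassword: {mac}",
    ]) + "\n"

def build_ldif(lines):
    """Return (ldif_text, rejected_lines); duplicates are emitted once."""
    seen, entries, rejected = set(), [], []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            mac = normalize_mac(line)
        except ValueError:
            rejected.append(line)  # keep for manual review
            continue
        if mac not in seen:
            seen.add(mac)
            entries.append(ldif_entry(mac))
    return "\n".join(entries), rejected

# Constructed sample inventory: mixed formats, one duplicate, one bad line.
SAMPLE = [
    "00:1A:2B:3C:4D:5E",
    "00-1a-2b-3c-4d-5e",
    "001a.2b3c.4d5f",
    "00:1A:2B:3C:4D",
]

if __name__ == "__main__":
    ldif, bad = build_ldif(SAMPLE)
    print(ldif)
    print("# rejected:", bad)
```

The output can be loaded with `ldapadd` once the base DN exists; rejected lines are worth fixing in the inventory rather than importing as-is.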






