MAC based auth

[Hegedus Gabor]

Alan DeKok wrote:
> Hegedus Gabor wrote:
>   
>> read manuals but i don't know how can i  use  mac  based authentication.
>>     
>
>   MAC based authentication is just configuring the server to accept the
> user if the MAC is known.
>
>   
>> I used eap-tls and username/pass. It worked good.
>> but when I not log on to the Windows server, I want to authenticate the
>> computer, cos my server services have to reachable.
>>
>> pc try authenticate using name like host/PCNAME  but i don't know what
>> is a password...
>>     
>
>   It's in the Active Directory database.  Configure the server to do
> MS-CHAP, and it should work for machine authentication.
>
>   

I don't use AD the pc is not in domain (jet). my freeradius do ms-chap.

>> I think if i use mac address based auth., i don't need username/pass,
>> simply enough a mac address.
>>
>> or is it a wrong idea?
>>     
>
>   It might not work.
>
>   
>> how can i set it to use just mac addresses to authentication?I want
>> authenticate the hardware not the user(cos the user is not logged on).
>>     
>
>   Just return an Access-Accept if the MAC is OK... but that means the
> users won't be authenticated, either.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   
This is my problem, what can you suggest to me :
I want use 802.1x port auth, although the machines are servers, and 
users logging in rarely.
the machines will automaticly do the authentication(this is the goal), 
but how can i set the pass, cos  i set the name of the pc and  it will 
be sent,  but the  pass...
This u/p seem better security than use just mac address.

Gabor