EAP+PEAP SQL + MAC AUTH?
Son Gus
songooze at yahoo.com
Thu Jul 9 16:43:15 CEST 2009
Hello guys! I was hoping you could help me with something its been troubling me the last two days. Im using a freeradius to authtenticate users on a WPA-Enterprise enviroment. What i would like to do now is to add another layer of security matching the MAC address of the user as well the user+password. The user and password thing is working without a problem, but i dont quite understand what is the way (or the best way) to accomplish the MAC thing.
Google says that i could use Calling-Station-id , so what i do is i create a Group and attach Calling-Station-id as a check item and put the MAC i want for that user to match but the user gets into the network no matter what MAC he has.
I can see the calling-station-id coming from the NAS in the debug mode but doesnt seem to be checked.
As an alternative i tried to use checkval. I add the checkval module on authorize.. and then where do i put the calling-station-id item?
The questions are then:
For the group to work, should i put another atribute apart from the calling-station-id for the check? Like the thing you do for Dynamic VLAN assignment...
Whats the best/easiest way to accomplish this? checkval or using the attribute directly?
I use freeradius 2.1.0 and daloradius. Users r stored in an sql database.
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090709/0ac4950a/attachment.html>
More information about the Freeradius-Users
mailing list