EAP+PEAP SQL + MAC AUTH?

Ivan Kalik tnt at kalik.net
Thu Jul 9 20:34:34 CEST 2009


> Hello guys! I was hoping you could help me with something its been
> troubling me the last two days. Im using a freeradius to authtenticate
> users on a WPA-Enterprise enviroment. What i would like to do now is to
> add another layer of security matching the MAC address of the user as well
> the user+password.  The user and password thing is working without a
> problem, but i dont quite understand what is the way (or the best way) to
> accomplish the MAC thing.
>

Oddly enough, same as the password thing - add it to radcheck (not
radgroupcheck).

> The questions are then:
>
> For the group to work, should i put another atribute apart from the
> calling-station-id for the check? Like the thing you do for Dynamic VLAN
> assignment...

That won't work. If radgroupcheck item(s) don't match group gets ignored -
user is not rejected.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list