Storing user MAC address after first auth

Tomas Mecir mecirt at
Thu May 7 11:18:51 CEST 2009

Greetings !

I have the following situation here that I'd like to ask for some
assistance with, if possible:

My client has a RADIUS server installed (running freeRADIUS 2.0.5),
and routers working as hotspots that users can connect to. Users can
authorize against the RADIUS server using a name/password combination,
which is stored in a MySQL database (using the rlm_sql module and the
Cleartext-Password attribute in the radcheck table). This part works

Now, my client wants an extra check to be added which would allow each
user to login only from a specific MAC address, which can be different
for each user, and which is obtained when the user logs in for the
first time. Checking the MAC address is easy, as the hotspot is
sending the MAC address in the Calling-Station-Id attribute that I
could easily store in the radcheck table as well - but the problem is
that this MAC address is not known when the name/password pair is
being added to the radcheck table, and I am to make it so that when
the user is successfully authorized for the first time, there is no
MAC check, but the user's current MAC address is remembered on the
server, and further logins are only permitted from that MAC address.

So, I am thinking that the best solution would be to have the RADIUS
server add a new "(username), 'Calling-Station-Id', '=', (user's MAC)"
entry to the radcheck table, right after a successful SQL auth step,
if such an entry isn't yet in the table.

And my question is - is there a way to accomplish this with existing
FreeRADIUS modules, or do I need to implement my own module to do this

Thank you !

/ Tomas

More information about the Freeradius-Users mailing list