usename + password + MAC address

Hilton Guaraldi guaraldi at gmail.com
Fri Sep 11 06:29:06 CEST 2009 

Oops!!!
Putting my head in the right place... :-)

May I insert in the radcheck table for user guaraldi, password
mudar123, MAC 00-18-E7-41-AD-C2 the following lines???

1    DEFAULT              Fall-Through                   =
yes
2    guaraldi                 Cleartext-Password        :=            mudar123
3    guaraldi                 Calling-Station-Id            ==
  00-18-E7-41-AD-C2
4    guaraldi                 Simultaneous-Use          :=            1

And set in the peap section of eap.conf file:    copy_request_to_tunnel  = yes
Is this correct????????????

Guaraldi




To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Subject: Re: MAC auth won't work with SQL
From: <tnt at kalik.net>
Date: Tue, 31 Mar 2009 22:11:12 +0100
Bounce-to: <tnt at kalik.net>
In-reply-to: <001e01c9b23c$bab0f170$3012d450$@com>
Reply-to: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>

--------------------------------------------------------------------------------

>Hi, I've setup two different Linux machines with FR and still can't get MAC
>authentication working with Calling-Station-Id in the radchk table. I've
>checked FAQ and have googled for hours. I've tried a hosted and local mySQL
>server.
>

If you only bothered looking at debug and configuration files for the
authentication method you are using. Outer request:

>rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=191,
>length=230
..
>        Calling-Station-Id = "00-1C-B3-B1-3E-07"
..

has that attribute in it, and inner request (user is authenticated in
inner tunnel):

>Sending tunneled request
>
>        EAP-Message =
>0x026c00491a026c00443177f318d460fc36f9cc77a41c0a4b3656000000000000000010538d
>55c2badfcc4a85b41f875a5521f978d255be29a7d20065676569657240736b796e657473
>
>        FreeRADIUS-Proxied-To = 127.0.0.1
>
>        User-Name = "egeier at skynets"
>
>        State = 0x8433f2b7845fe8463016d60fe5b8c67e

.. doesn't! You have a setting copy_request_to_tunnel in peap section
of eap.conf. Enable it.

Ivan Kalik
Kalik Informatika ISP


*************************************************************************************
>
>
>
> 2009/9/7 Ivan Kalik <tnt at kalik.net>:
>>> On a Radius version 2.x, we would like to tie an user to a MAC address.
>>>
>>> The auth key would then be the username, password and MAC address
>>> (Calling Station ID).
>>>
>>> Where is the right place to do that?
>>> - On the freeRadius? (any hint, please?)
>>> - In the PGSQL behind? (using some FUNCTION, I have an idea of that)
>>
>> If you are using postgre to store user data - then radcheck table (one
>> entry for password and one for Calling-Station-Id).
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>

More information about the Freeradius-Users mailing list