User + Password + MAC address group authentication
Alan DeKok
aland at deployingradius.com
Mon Jul 12 12:50:04 CEST 2010
Aaron Jansen wrote:
>> For a user FreeRADIUS should check the user name, password, and the MAC
>> address. The MAC address can be one of many in a list stored in a
>> database. So, this is not about a single user logging in on only one
>> device.
Edit the SQL queries. They're text in a config file for a reason.
>> I have taken a look at the rad(group)check table, but it seems that ALL
>> attributes should check out alright for the user to be authenticated.
>> So, I cannot just simply add a list of all possible user/MAC
>> combinations.
You can also write SELECT statements in the config files.
authorize {
...
sql # see radcheck && radreply
# look up the Calling-Station-Id in the MAC table
if ("%{sql: SELECT mac from mac_table WHERE ... }") {
# mac was found
}
else {
reject # mac wasn't found
}
...
}
Alan DeKok.
More information about the Freeradius-Users
mailing list