User + Password + MAC address group authentication

Alan DeKok aland at
Mon Jul 12 12:50:04 CEST 2010

Aaron Jansen wrote:
>> For a user FreeRADIUS should check the user name, password, and the MAC
>> address. The MAC address can be one of many in a list stored in a
>> database. So, this is not about a single user logging in on only one
>> device. 

  Edit the SQL queries.  They're text in a config file for a reason.

>> I have taken a look at the rad(group)check table, but it seems that ALL
>> attributes should check out alright for the user to be authenticated.
>> So, I cannot just simply add a list of all possible user/MAC
>> combinations. 

  You can also write SELECT statements in the config files.

authorize {

	sql	# see radcheck && radreply

	# look up the Calling-Station-Id in the MAC table
	if ("%{sql: SELECT mac from mac_table WHERE ... }") {
		# mac was found
	else {
		reject # mac wasn't found

  Alan DeKok.

More information about the Freeradius-Users mailing list