MAC Auth first, then User?
Alexander Clouter
alex at digriz.org.uk
Thu Sep 23 16:55:43 CEST 2010
Rob Yamry <ryamry at kimberly.k12.wi.us> wrote:
>
> We are experiencing an issue where certain policies need to push down to
> laptops before the user enters their credentials to authenticate to the
> wireless network. We only have Radius/802.1x enabled on the wireless right
> now. Is it possible to authenticate the device based on MAC address so the
> initial connection is there (so the laptop is "online") and then have the
> user authenticate via the Novell Client (with 802.1x) to login to the
> desktop?
>
No, not unless your wireless controller supports it.
On the wired side, you can usually get something better:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/application_note_c27-573287.pdf
To be frank, in your situation I would *not* recommend it. Workstation
and User authentication are two separate things; although you might use
the user credentials to 'bootstrap' (to vouch for the MAC address in use
for that session) the host authentication.
This has nothing to do with FreeRADIUS also...
Cheers
--
Alexander Clouter
.sigmonster says: Chicken Little was right.
More information about the Freeradius-Users
mailing list