MAC Auth first, then User?

Alexander Clouter alex at
Thu Sep 23 16:55:43 CEST 2010

Rob Yamry <ryamry at> wrote:
> We are experiencing an issue where certain policies need to push down to
> laptops before the user enters their credentials to authenticate to the
> wireless network.  We only have Radius/802.1x enabled on the wireless right
> now.  Is it possible to authenticate the device based on MAC address so the
> initial connection is there (so the laptop is "online") and then have the
> user authenticate via the Novell Client (with 802.1x) to login to the
> desktop?

No, not unless your wireless controller supports it.

On the wired side, you can usually get something better:

To be frank, in your situation I would *not* recommend it.  Workstation 
and User authentication are two separate things; although you might use 
the user credentials to 'bootstrap' (to vouch for the MAC address in use 
for that session) the host authentication.

This also has nothing to do with FreeRADIUS...


Alexander Clouter
.sigmonster says: Chicken Little was right.
