MAC Address and Username Binding on FreeRADIUS
Christ Schlacta
lists at aarcane.org
Tue Apr 12 19:32:52 CEST 2011
SO far as I know, there is no good way to automatically add a mac
address to a user entry, or an user entry to a mac80211 entry on first
connect. the UNLANG to ensure that the mac address matches for a
validated account is simple however, and you should have no issue
figuring that out. see modules/checkval for an example.
You can, however, easily run a script to watch the output for successful
auth attempts with no mac<-->user mapping, and have your script add that
mapping. I find it's usually better, however, to just have someone
manually inject the mapping.
are you trying to lock a single laptop to a single user, or a single
user to a single laptop? if this is an environment where people can
provide their own hardware, you'd be better off not locking them in, but
instead just correlating them, as many people can have more than one
laptop. additionally, in today's modern age of multi-user systems, many
people can share a single laptop as well, so you should also be aware of
that.
good luck!
On 4/12/2011 03:11, syharash wrote:
> Hi,
>
> My FreeRadius is working fine, my wireless clients are able to authenticate
> with username and password from the /etc/raddb/users file and dynamic vlan
> assignment is working fine too. Need to now configure to restrict a user to
> get authenticated only from a single mac address, so the dynamic vlan
> assignment is restricted to that user only from its authorized mac address.
> Please help. I tried following the How-to guide but have not been able to
> get it working. please help. I have attached my configuration files for your
> reference, please let me know if how to go about doing it.
>
>
>
> http://freeradius.1045715.n5.nabble.com/file/n4297874/authorize_macs
> authorize_macs
> http://freeradius.1045715.n5.nabble.com/file/n4297874/default%5Bsites-available%5D
> default%5Bsites-available%5D
> http://freeradius.1045715.n5.nabble.com/file/n4297874/eap.conf eap.conf
> http://freeradius.1045715.n5.nabble.com/file/n4297874/files files
> http://freeradius.1045715.n5.nabble.com/file/n4297874/policy.conf
> policy.conf
> http://freeradius.1045715.n5.nabble.com/file/n4297874/radiusd.conf
> radiusd.conf http://freeradius.1045715.n5.nabble.com/file/n4297874/users
> users
>
> --
> View this message in context: http://freeradius.1045715.n5.nabble.com/MAC-Address-and-Username-Binding-on-FreeRADIUS-tp4297874p4297874.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list