MAC Authentication - Bad Idea?

Gary Gatten Ggatten at waddell.com
Wed Feb 2 20:26:52 CET 2011


What about ppp based auth?  Many providers in the US still use this for xDSL service.  If the CPE supports it, it's usually transparent to the users.

G


-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of Jim Rice
Sent: Wednesday, February 02, 2011 1:15 PM
To: FreeRadius users mailing list
Subject: Re: MAC Authentication - Bad Idea?

Thanks, Alan.

The MikroTik routers can be configured to send a variety of MAC address formats, the default is XX:XX:XX:XX:XX:XX

It can also be set to include the same MAC address in the Password field, instead of NULL, but I do not see any added benefit to that.

>> but had to set Auth-Type := Accept.
> 
>   Hmm... that's probably not the best way to do it,
> but if it works...

Is there a best (or better) way?

Do I need to be concerned with MAC spoofing?

Thanks again,

Jim

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>





More information about the Freeradius-Users mailing list