MAC Address Auth

Mulindwa meric_l at yahoo.com
Mon Apr 8 13:18:54 CEST 2013


Hi good pple, have been reading on how to enforce the attribute of Mac-Addr and i have not seen it anywhere.

Has anyone done it before, please help throw some light on how i can achieve this.

I want user eric at ut3 with this Mac Address to log in , and if the MAC address is different he will not be granted access.


eric at ut3      Cleartext-Password := "eric", Simultaneous-Use := 1
        Mac-Addr = 02-1B-9E-D3-0B-F0,
        Service-Type = Framed-User,
        Qos-Policy-Policing = broadband_128_policing,
        Qos-Policy-Metering = broadband_128_metering,
        Framed-Protocol = PPP,
        Ip_Address_Pool_Name = pool_128,
        Framed-Address = 255.255.255.254,
        Framed-Netmask = 255.255.255.255,
        Fall-Through = 0

 
Eric M


________________________________
 From: Mulindwa <meric_l at yahoo.com>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org> 
Sent: Friday, April 5, 2013 9:07 AM
Subject: Re: MAC Address Auth
 

Thanks Mattias,

I get an error saying; Unknown attribute "Attr-2352-145"

This is how i have it setup


user20001 at ut3      Password = "006060", Simultaneous-Use = 1
        Attr-2352-145 = "5c-7d-5e-3f-d0-f7",
        Service-Type = Framed-User,
        Qos_Policy_Policing = broadband_128_policing,
        Qos_Policy_Metering = broadband_128_metering,
        Framed-Protocol = PPP,
        Ip_Address_Pool_Name =
 pool_128,
        Framed-Address = 255.255.255.254,
        Framed-Netmask = 255.255.255.255,
        Fall-Through = 0


 
Eric M


________________________________
 From: Matthias Nagel <matthias.h.nagel at gmail.com>
To: freeradius-users at lists.freeradius.org 
Sent: Thursday, April 4, 2013 5:41 PM
Subject: Re: MAC Address Auth
 
Hello,
add the correct check item to your user database. In the case below (User-Name = user2000 at ut3) you should have the check item
Attr-2352-145 == "5c-7d-5e-3f-d0-f7"
for this speicifc user in your user database. Then you repeat this for every user/mac-address pair you want.
Best regards, Matthias

Am Donnerstag 04 April 2013, 07:25:55 schrieb Mulindwa:
> Great, i have run the debug and i did get the attribute required.
> If i want to full fill the two conditions i.e username/passwd and Mac Address = Attr-2352-145
> 
> How would i need to twick my radiusd.conf file to achieve this?
> 
> 
> 
> 
> User-Name = "user2000 at ut3"
>    CHAP-Password = "cccddd'"
>     CHAP-Challenge = "mmmm"
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>     NAS-Identifier = "UT-BRAS-EDGE"
>    
 NAS-IP-Address = x.x.x.x
>     NAS-Port = 855649483
>     NAS_Real_Port = 855638816
>     NAS-Port-Type = Virtual
>     Attr-87 = "3/3 vlan-id 800 pppoe 11467"
>     Medium_Type = 11
>     Attr-2352-145 = "5c-7d-5e-3f-d0-f7" ==== MAC Address
>     Attr-2352-98 = "3"
>     Attr-2352-112 = "6.2.1.9"
>     Acct-Session-Id = "0202FFFF68008FC9-515D8419"
> 
>  
> Eric M
> 
> 
> ________________________________
>  From: Mulindwa <meric_l at yahoo.com>
> To: Alan DeKok <aland at deployingradius.com>; FreeRadius users mailing list <freeradius-users at lists.freeradius.org> 
> Sent: Thursday, April 4, 2013 4:58 PM
> Subject: Re: MAC Address Auth
>  
> 
> Thanks Alan,
> 
> Let me do so.
> 
>  
> Eric M
> 
> 
> ________________________________
>  From: Alan DeKok <aland at deployingradius.com>
> To: Mulindwa <meric_l at yahoo.com>; FreeRadius users mailing list <freeradius-users at lists.freeradius.org> 
> Sent: Thursday, April 4, 2013 4:47 PM
> Subject: Re: MAC Address Auth
>  
> Mulindwa wrote:
> > Hi
 All,
> > 
> > Have been trying to authenticate my ADSL users using Mac Address Auth,
> > however i have failed even after going through the documentation.
> > 
> > I want to authenticate with the highlighted, anyone done this and can help?
> 
>   It's been done.
> 
> > This is how the accounting file looks;
> 
>   If you're trying to debug authentication, it helps to look at
> *authentication* traffic, and not *accounting* data.
> 
>   And run the server in debugging mode as suggested in the FAQ, "man"
> page, web pages, and daily on this list.
> 
>   Honestly, there is NO excuse for refusing to do this.
> 
>   Alan DeKok.
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html
----------------------------------------------------------------------
Matthias Nagel
Willy-Andreas-Allee 1, Zimmer 506
76131 Karlsruhe

Telefon: +49-721-8695-1506
Mobil: +49-151-15998774
e-Mail: matthias.h.nagel at gmail.com
ICQ: 499797758
Skype: nagmat84

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130408/55c16979/attachment.html>


More information about the Freeradius-Users mailing list