MAC Address Auth
Marinko Tarlać
mangia81 at gmail.com
Mon Apr 8 13:36:24 CEST 2013
Add
eric at ut3 Calling-Station-Id == 02:1B:9E:D3:0B:F0
inside radcheck table or inside users file
eric at ut3 Cleartext-Password := "eric", Simultaneous-Use := 1
Calling-Station-Id == 02:1B:9E:D3:0B:F0
Service-Type = Framed-User,
Qos-Policy-Policing = broadband_128_policing,
Qos-Policy-Metering = broadband_128_metering,
Framed-Protocol = PPP,
Ip_Address_Pool_Name = pool_128,
Framed-Address = 255.255.255.254,
Framed-Netmask = 255.255.255.255,
Fall-Through = 0
NOtice the double "=" sign....
On 8.4.2013 13:18, Mulindwa wrote:
> Hi good pple, have been reading on how to enforce the attribute of
> Mac-Addr and i have not seen it anywhere.
>
> Has anyone done it before, please help throw some light on how i can
> achieve this.
>
> I want user eric at ut3 with this Mac Address to log in , and if the MAC
> address is different he will not be granted access.
>
>
> eric at ut3 Cleartext-Password := "eric", Simultaneous-Use := 1
> Mac-Addr = 02-1B-9E-D3-0B-F0,
> Service-Type = Framed-User,
> Qos-Policy-Policing = broadband_128_policing,
> Qos-Policy-Metering = broadband_128_metering,
> Framed-Protocol = PPP,
> Ip_Address_Pool_Name = pool_128,
> Framed-Address = 255.255.255.254,
> Framed-Netmask = 255.255.255.255,
> Fall-Through = 0
> Eric M
> ------------------------------------------------------------------------
> *From:* Mulindwa <meric_l at yahoo.com>
> *To:* FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> *Sent:* Friday, April 5, 2013 9:07 AM
> *Subject:* Re: MAC Address Auth
>
> Thanks Mattias,
>
> I get an error saying; Unknown attribute "Attr-2352-145"
>
> This is how i have it setup
>
>
> user20001 at ut3 Password = "006060", Simultaneous-Use = 1
> Attr-2352-145 = "5c-7d-5e-3f-d0-f7",
> Service-Type = Framed-User,
> Qos_Policy_Policing = broadband_128_policing,
> Qos_Policy_Metering = broadband_128_metering,
> Framed-Protocol = PPP,
> Ip_Address_Pool_Name = pool_128,
> Framed-Address = 255.255.255.254,
> Framed-Netmask = 255.255.255.255,
> Fall-Through = 0
>
> Eric M
> ------------------------------------------------------------------------
> *From:* Matthias Nagel <matthias.h.nagel at gmail.com>
> *To:* freeradius-users at lists.freeradius.org
> *Sent:* Thursday, April 4, 2013 5:41 PM
> *Subject:* Re: MAC Address Auth
>
> Hello,
> add the correct check item to your user database. In the case below
> (User-Name = user2000 at ut3) you should have the check item
> Attr-2352-145 == "5c-7d-5e-3f-d0-f7"
> for this speicifc user in your user database. Then you repeat this for
> every user/mac-address pair you want.
> Best regards, Matthias
>
> Am Donnerstag 04 April 2013, 07:25:55 schrieb Mulindwa:
> > Great, i have run the debug and i did get the attribute required.
> > If i want to full fill the two conditions i.e username/passwd and
> Mac Address = Attr-2352-145
> >
> > How would i need to twick my radiusd.conf file to achieve this?
> >
> >
> >
> >
> > User-Name = "user2000 at ut3"
> > CHAP-Password = "cccddd'"
> > CHAP-Challenge = "mmmm"
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > NAS-Identifier = "UT-BRAS-EDGE"
> > NAS-IP-Address = x.x.x.x
> > NAS-Port = 855649483
> > NAS_Real_Port = 855638816
> > NAS-Port-Type = Virtual
> > Attr-87 = "3/3 vlan-id 800 pppoe 11467"
> > Medium_Type = 11
> > Attr-2352-145 = "5c-7d-5e-3f-d0-f7" ==== MAC Address
> > Attr-2352-98 = "3"
> > Attr-2352-112 = "6.2.1.9"
> > Acct-Session-Id = "0202FFFF68008FC9-515D8419"
> >
> >
> > Eric M
> >
> >
> > ________________________________
> > From: Mulindwa <meric_l at yahoo.com <mailto:meric_l at yahoo.com>>
> > To: Alan DeKok <aland at deployingradius.com
> <mailto:aland at deployingradius.com>>; FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org
> <mailto:freeradius-users at lists.freeradius.org>>
> > Sent: Thursday, April 4, 2013 4:58 PM
> > Subject: Re: MAC Address Auth
> >
> >
> > Thanks Alan,
> >
> > Let me do so.
> >
> >
> > Eric M
> >
> >
> > ________________________________
> > From: Alan DeKok <aland at deployingradius.com
> <mailto:aland at deployingradius.com>>
> > To: Mulindwa <meric_l at yahoo.com <mailto:meric_l at yahoo.com>>;
> FreeRadius users mailing list <freeradius-users at lists.freeradius.org
> <mailto:freeradius-users at lists.freeradius.org>>
> > Sent: Thursday, April 4, 2013 4:47 PM
> > Subject: Re: MAC Address Auth
> >
> > Mulindwa wrote:
> > > Hi All,
> > >
> > > Have been trying to authenticate my ADSL users using Mac Address Auth,
> > > however i have failed even after going through the documentation.
> > >
> > > I want to authenticate with the highlighted, anyone done this and
> can help?
> >
> > It's been done.
> >
> > > This is how the accounting file looks;
> >
> > If you're trying to debug authentication, it helps to look at
> > *authentication* traffic, and not *accounting* data.
> >
> > And run the server in debugging mode as suggested in the FAQ, "man"
> > page, web pages, and daily on this list.
> >
> > Honestly, there is NO excuse for refusing to do this.
> >
> > Alan DeKok.
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> ----------------------------------------------------------------------
> Matthias Nagel
> Willy-Andreas-Allee 1, Zimmer 506
> 76131 Karlsruhe
>
> Telefon: +49-721-8695-1506
> Mobil: +49-151-15998774
> e-Mail: matthias.h.nagel at gmail.com <mailto:matthias.h.nagel at gmail.com>
> ICQ: 499797758
> Skype: nagmat84
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130408/81df3e4d/attachment-0001.html>
More information about the Freeradius-Users
mailing list