Username/Host authorization

nicolas.clo at nicolas.clo at
Mon Jun 24 16:07:41 CEST 2013

Ok thanks for the reply.
I'm now sure that the best way for us is MAC Address filtering.

Have a good day.

Nicolas CLO


nicolas.clo at wrote:
> We want two authorization in the same times, for example, to ensure that
> user not used his iPhone with his DOMAIN/UserName account.

  That is fairly vague.  You're working with computers.  Be specific.

  WHAT is in an Access-Request when they login using a desktop?

  WHAT is in an Access-Request when they login using their phone?

  HOW are the two requests different?

  Once you know that, it should be easy to create rules which can
distinguish one from the other.  And then apply different rules to each one.

> Mac Authorization is not a good way for us ( Too restrictive to keep up
> to date )
> Authorization by certificat too because we have a lot of hosts which
> doesn't support that.

  You're limited by what is in the Access-Request.  If the only
difference between a desktop and iPhone is a MAC address, too bad.
Computers aren't magic.

  My guess is that the only thing which will really work is MAC address
filtering.  I'd suggest finding a way to make it manageable.

  Alan DeKok.
List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list