IP locking with freeradius

Alan DeKok aland at deployingradius.com
Wed May 29 19:52:58 CEST 2013


Renan Rodrigues wrote:
> There is something I am trying to do with radius and can't find how.
> (One month googling and nothing done...)
> What I want is to authenticate my users with their MAC and IP-ADDRESS,
> so, even if they have root-access to their systems, they can't change
> their IP-ADDRESS by themselves, because radius is going to reject then.
> 
> Until now, I have a radius mac-authenticating and working together with
> dhcpd. I've tried to use ip-pool, that works, but someone still can
> change ip-address by hand and keep networking....
> 
> So, it is possible to work this out?

  No.

  The IP address doesn't come in the Access-Request.  So you can't
enforce it.

  Alan DeKok.


More information about the Freeradius-Users mailing list