IP locking with freeradius
Alan DeKok
aland at deployingradius.com
Wed May 29 19:52:58 CEST 2013
Renan Rodrigues wrote:
> There is something I am trying to do with radius and can't find how.
> (One month googling and nothing done...)
> What I want is to authenticate my users with their MAC and IP-ADDRESS,
> so, even if they have root-access to their systems, they can't change
> their IP-ADDRESS by themselves, because radius is going to reject then.
>
> Until now, I have a radius mac-authenticating and working together with
> dhcpd. I've tried to use ip-pool, that works, but someone still can
> change ip-address by hand and keep networking....
>
> So, it is possible to work this out?
No.
The IP address doesn't come in the Access-Request. So you can't
enforce it.
Alan DeKok.
More information about the Freeradius-Users
mailing list