PEAP/MSCHAPv2 bounded to a particular MAC Address
Marco Gaiarin
gaio at sv.lnf.it
Tue Jan 28 16:36:34 CET 2014
[ Sorry, i'm not subscribed to that list, i will follow it on the web
interface but if you can, put me on CC. Thanks. ]
Platform: debian squeeze, freeradius 2.1.10+dfsg-2+squeeze1.
Some year ago i've setup a (i think rather standard) freeradius config
to handle PEAP/MSCHAPv2 authentication (also machine account one) for
some portable system.
I've also enabled some ''static'' account, for some guests, eg i can
add in 'users' file something like that:
username1 User-Password := "password1", MS-CHAP-Use-NTLM-Auth := 0, Expiration := "Apr 29 2010 18:00:00"
now i need to lock that ''static'' password to a particular MAC
address. I've verified that my AP send 'Calling-Station-Id', and i've
tried to (with some google help) something like that:
username1 User-Password := "password1", MS-CHAP-Use-NTLM-Auth := 0, Expiration := "Apr 29 2010 18:00:00", Calling-Station-Id == "c8b5b723ecd7"
or like that:
username1 User-Password := "password1", MS-CHAP-Use-NTLM-Auth := 0, Expiration := "Apr 29 2010 18:00:00", Huntgroup-Name == "ipm1"
having in 'huntgroups' a line like:
ipm1 Calling-Station-Id == c8b5b723ecd7
But nothing works. I've also see:
http://wiki.freeradius.org/guide/Mac-Auth/46b5f10bc41dd0d5bf3f8dda41e87dd9c321b7a6
but seems to me unrelated, or at least probably could be useful the mac
address normalization across different AP, but for now i'm in a testing
phase.
I'm doing the right thing? Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the Freeradius-Users
mailing list