EAP & MAC Auth

Phil Mayers p.mayers at imperial.ac.uk
Tue Jun 17 17:21:16 CEST 2014


On 17/06/14 16:07, Russell Mike wrote:
> Hi List Members
>
>
> How can we do EAP authentication & MAC address look up in addition
> (stored in MySQL DBMS) before accepting?

This question is very vague. Please be more specific.

The literal answer is "put an SQL lookup into your config" but this 
doesn't help you.

Here's an example of something you might do:

authorize {
   ...
   if (EAP-Message && Calling-Station-Id) {
     # some SQL query to find out which username
     # is allowed for this MAC address
     update control {
       Tmp-String-0 := "%{sql: ... where mac='%{Calling-Station-Id}'}"
     }
     if (control:Tmp-String-0 != "%{User-Name}") {
       # this username isn't allowed from this mac
       reject
     }
   }
   ...
   eap
}

If you want a more specific example, please ask a more specific question.


More information about the Freeradius-Users mailing list