how to setup MAC based authentication with LDAP
Thomas Stather
Thomas.Stather at mpimf-heidelberg.mpg.de
Wed Apr 15 14:12:24 CEST 2015
Hello list,

I am new to RADIUS and I'd like to know how to set up MAC-based
authentication for my clients.

Here is what I have so far:
- freeradius 3.0.3
- /etc/raddb/clients.conf (set up with the IPs of the NAS devices)

Now I'm unsure how to configure the mods-enabled/ldap configuration.
All the hosts are located in an OU named "hosts"; the MAC address of
each host has the attribute name "macAddress" within the host object
(i.e. cn=testdevice).

My virtual server in sites-enabled/macauth looks like this:

server macauth {
    authorize {
        preprocess

        # clean the Calling-Station-ID
        rewrite_calling_station_id

        # now authenticate against LDAP
        ldap
        if (!ok) {
            reject
        }
        else {
            # accept
            update control {
                Auth-Type := Accept
            }
        }
    }

    authenticate {
        Auth-Type LDAP {
            ldap
        }
    }

    # Pre-accounting. Decide which accounting type to use.
    preacct {
        preprocess

        # Ensure that we have a semi-unique identifier for every
        # request, and many NAS boxes are broken.
        acct_unique
    }

    # Accounting. Log the accounting data.
    accounting {
        # Create a 'detail'ed log of the packets.
        # Note that accounting requests which are proxied
        # are also logged in the detail file.
        detail

        # For Simultaneous-Use tracking.
        #
        # Due to packet losses in the network, the data here
        # may be incorrect. There is little we can do about it.
        radutmp

        # filter attributes from the accounting response
        attr_filter.accounting_response
    }

    # Session database, used for checking Simultaneous-Use. Either the
    # radutmp or rlm_sql module can handle this.
    # The rlm_sql module is *much* faster
    session {
        radutmp
    }
}

Can somebody help please?
Best,
Thomas
--
Thomas Stather
IT Services
Tel: +49 6221-486 628
Fax: +49 6221-486 561
------------------------------------------------------------------------
Max Planck Institute for Medical Research (MPImF)
Jahnstrasse 29, 69120 Heidelberg
Germany
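
An added example, not part of the original post and not FreeRADIUS code: a Python model of the lookup this setup depends on, showing that the Calling-Station-Id must be validated and rewritten into the same textual form as the directory's macAddress values before it is used in a search filter. Assumptions: the base DN and sample MAC are constructed, the directory stores colon-separated values (the form RFC 2307 gives for macAddress, matched case-insensitively), and all function names are hypothetical.

```python
import re

# Constructed sample data: host objects under ou=hosts with a macAddress
# attribute, as described in the post. The base DN is a placeholder.
DIRECTORY = {
    "cn=testdevice,ou=hosts,dc=example,dc=org": ["00:1a:2b:3c:4d:5e"],
}

def normalize_mac(value, sep=":"):
    """Return the MAC as lowercase hex pairs joined by sep, or None.

    Strips the separators NAS devices commonly send (':', '-', '.') and
    rejects anything that is not exactly 12 hex digits afterwards.
    """
    digits = re.sub(r"[:.\-]", "", value.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return sep.join(digits[i:i + 2] for i in range(0, 12, 2))

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(calling_station_id):
    """Build the search filter, or None when the input is not a MAC."""
    mac = normalize_mac(calling_station_id)
    if mac is None:
        return None  # never pass unvalidated NAS input into a filter
    return "(macAddress=%s)" % escape_filter_value(mac)

def search(filter_value, directory=DIRECTORY):
    """Model an equality match: case-insensitive, separators significant."""
    for dn, macs in directory.items():
        if any(m.lower() == filter_value.lower() for m in macs):
            return dn
    return None

def authorize(calling_station_id, normalize=True):
    """Return the matching host DN (accept) or None (reject)."""
    value = normalize_mac(calling_station_id) if normalize else calling_station_id
    return search(value) if value else None

if __name__ == "__main__":
    for raw in ("00-1A-2B-3C-4D-5E", "001a.2b3c.4d5e", "*", "00:1a:2b:3c:4d:5f"):
        print(raw, "->", build_filter(raw), authorize(raw))
```

A hyphen-separated Calling-Station-Id only matches the colon-separated directory value after normalization, which is why the separator produced by the rewrite policy has to agree with the format stored in LDAP.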