MAC authentication using FreeRadius

Anirudh Malhotra amalhotra.sp-dl at nkn.in
Tue Dec 29 08:33:07 CET 2015


Hi,

So when you are registering the user you must be keeping the MAC of the user, if not, keep it in whatever registering table you are keeping rest of the details.
Then use unlang in authorize section to check calling station id if it matches change auth-type to accept.

I wouldn't suggest this though, as MACs can be spoofed easily. The better method would be to use encrypted cookies(just like remember my password ones) so that the captive portal gets those cookies and lets user log in.

BR,
Anirudh Malhotra

On 12/29/15 12:54 PM, "Max .M"  <mmourand at gmail.com> wrote: 
> 
> Hi,
> 
> thanks for taking the time to read.
> 
> When this person that registered will leave the shop and come back 3 days
> later, I want it to bypass the captive portal. This is why I will activate
> MAC authentication on the access point.
> I just need a way to tell the access point : if mac adress of MAC auth is
> in SQL database, then authenticate (bypass captive portal)
> 
> Thank you,
> 
> 2015-12-29 2:10 GMT-05:00 Anirudh Malhotra <amalhotra.sp-dl at nkn.in>:
> 
> > Hi,
> >
> > Your question is not very clear.
> > Presuming that you want to store the MAC's of whoever is connecting
> > > this is already being done in radacct table
> > if people are registering they must be connected right? and when they are
> > connected why do you need their MAC address after they are connected what
> > help would that do?
> >
> > BR,
> > Anirudh Malhotra
> >
> > On 12/29/15 09:11 AM, "Max .M" <mmourand at gmail.com> wrote:
> > >
> > > Hi everyone,
> > >
> > > i'm looking in a way to set-up MAC authentication using FreeRadius and
> > > MySQL and any help would be much appreciated :)
> > >
> > > I have a scenario where multiple shops will have guest authenticating and
> > > when someone register to their public wi-fi, we want their MAC to be
> > stored
> > > in the SQL database and do a check against it using MAC authentication on
> > > the Aruba IAPs.
> > >
> > > I guess I need to find a way to capture the Calling-Station-Id and store
> > it
> > > into a table into the database and then I need to do a check against it
> > for
> > > every MAC it receives as a "username and password'
> > >
> > > Right now I can authenticate to my captive portal using FreeRadius +
> > MySQL,
> > > I can also enable MAC auth on my IAP and add a user with my phone's MAC
> > > address as a username and password and it's working.
> > >
> > > I'm really looking into a way to automate this :)
> > >
> > > Thanks a lot
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


More information about the Freeradius-Users mailing list