MAC authentication using FreeRadius

Max .M mmourand at gmail.com
Tue Dec 29 17:47:10 CET 2015


Thank you Anirudh,

I'm a bit new to FreeRadius, would you mind giving more details on where to
enter those strings and how to put his in place ?

Thanks !

2015-12-29 5:27 GMT-05:00 Anirudh Malhotra <amalhotra.sp-dl at nkn.in>:

> man unlang
> freeradius.org/radiusd/man/unlang.html
>
> basically you need something like
> if ("%{sql:SELECT count(*) FROM your_table WHERE mac_Address =
> '%{Calling-Station-Id}'}" > 0) {
>  update control {
>  Auth-Type := Accept
>
>  }
>  }
>
>
> On 12/29/15 01:18 PM, "Max .M"  <mmourand at gmail.com> wrote:
> >
> > Could you give me more details or a link explaining how to achieve this
> > please ?
> > I'm new to freeradius and all this, this would be really helpful.
> >
> > Also, security is not an issue for them, also it's just basic guest
> access
> > on a separate network.
> >
> > Thanks
> >
> > 2015-12-29 2:33 GMT-05:00 Anirudh Malhotra <amalhotra.sp-dl at nkn.in>:
> >
> > > Hi,
> > >
> > > So when you are registering the user you must be keeping the MAC of the
> > > user, if not, keep it in whatever registering table you are keeping
> rest of
> > > the details.
> > > Then use unlang in authorize section to check calling station id if it
> > > matches change auth-type to accept.
> > >
> > > I wouldn't suggest this though, as MACs can be spoofed easily. The
> better
> > > method would be to use encrypted cookies(just like remember my password
> > > ones) so that the captive portal gets those cookies and lets user log
> in.
> > >
> > > BR,
> > > Anirudh Malhotra
> > >
> > > On 12/29/15 12:54 PM, "Max .M" <mmourand at gmail.com> wrote:
> > > >
> > > > Hi,
> > > >
> > > > thanks for taking the time to read.
> > > >
> > > > When this person that registered will leave the shop and come back 3
> days
> > > > later, I want it to bypass the captive portal. This is why I will
> > > activate
> > > > MAC authentication on the access point.
> > > > I just need a way to tell the access point : if mac adress of MAC
> auth is
> > > > in SQL database, then authenticate (bypass captive portal)
> > > >
> > > > Thank you,
> > > >
> > > > 2015-12-29 2:10 GMT-05:00 Anirudh Malhotra <amalhotra.sp-dl at nkn.in>:
> > > >
> > > > > Hi,
> > > > >
> > > > > Your question is not very clear.
> > > > > Presuming that you want to store the MAC's of whoever is connecting
> > > > > > this is already being done in radacct table
> > > > > if people are registering they must be connected right? and when
> they
> > > are
> > > > > connected why do you need their MAC address after they are
> connected
> > > what
> > > > > help would that do?
> > > > >
> > > > > BR,
> > > > > Anirudh Malhotra
> > > > >
> > > > > On 12/29/15 09:11 AM, "Max .M" <mmourand at gmail.com> wrote:
> > > > > >
> > > > > > Hi everyone,
> > > > > >
> > > > > > i'm looking in a way to set-up MAC authentication using
> FreeRadius
> > > and
> > > > > > MySQL and any help would be much appreciated :)
> > > > > >
> > > > > > I have a scenario where multiple shops will have guest
> > > authenticating and
> > > > > > when someone register to their public wi-fi, we want their MAC
> to be
> > > > > stored
> > > > > > in the SQL database and do a check against it using MAC
> > > authentication on
> > > > > > the Aruba IAPs.
> > > > > >
> > > > > > I guess I need to find a way to capture the Calling-Station-Id
> and
> > > store
> > > > > it
> > > > > > into a table into the database and then I need to do a check
> against
> > > it
> > > > > for
> > > > > > every MAC it receives as a "username and password'
> > > > > >
> > > > > > Right now I can authenticate to my captive portal using
> FreeRadius +
> > > > > MySQL,
> > > > > > I can also enable MAC auth on my IAP and add a user with my
> phone's
> > > MAC
> > > > > > address as a username and password and it's working.
> > > > > >
> > > > > > I'm really looking into a way to automate this :)
> > > > > >
> > > > > > Thanks a lot
> > > > > > -
> > > > > > List info/subscribe/unsubscribe? See
> > > > > http://www.freeradius.org/list/users.html
> > > > > >
> > > > > -
> > > > > List info/subscribe/unsubscribe? See
> > > > > http://www.freeradius.org/list/users.html
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


More information about the Freeradius-Users mailing list