MAC authentication using FreeRadius

Anirudh Malhotra 8zero2ops at gmail.com
Tue Dec 29 17:58:20 CET 2015


Hi,

Put it in authorize, and please read/research more before asking questions; it will help you in understanding technologies more. I hope you don't mind :)

BR,
Anirudh Malhotra
8zero2
Mail: 8zero2.in at gmail.com
Facebook: www.facebook.com/8zero2
Twitter: @8zero2_in
Blog: blog.8zero2.in

On 29 Dec 2015, 22:17 +0530, Max .M<mmourand at gmail.com>, wrote:
> Thank you Anirudh,
> 
> I'm a bit new to FreeRadius, would you mind giving more details on where to
> enter those strings and how to put this in place?
> 
> Thanks !
> 
> 2015-12-29 5:27 GMT-05:00 Anirudh Malhotra<amalhotra.sp-dl at nkn.in>:
> 
> > man unlang
> > freeradius.org/radiusd/man/unlang.html
> > 
> > basically you need something like
> > if ("%{sql:SELECT count(*) FROM your_table WHERE mac_Address = '%{Calling-Station-Id}'}" > 0) {
> >     update control {
> >         Auth-Type := Accept
> >     }
> > }
> > 
> > 
> > On 12/29/15 01:18 PM, "Max .M"<mmourand at gmail.com>wrote:
> > > 
> > > Could you give me more details or a link explaining how to achieve this
> > > please?
> > > I'm new to freeradius and all this, this would be really helpful.
> > > 
> > > Also, security is not an issue for them, also it's just basic guest access
> > > on a separate network.
> > > 
> > > Thanks
> > > 
> > > 2015-12-29 2:33 GMT-05:00 Anirudh Malhotra<amalhotra.sp-dl at nkn.in>:
> > > 
> > > > Hi,
> > > > 
> > > > So when you are registering the user you must be keeping the MAC of the
> > > > user, if not, keep it in whatever registering table you are keeping rest of
> > > > the details.
> > > > Then use unlang in authorize section to check calling station id if it
> > > > matches change auth-type to accept.
> > > > 
> > > > I wouldn't suggest this though, as MACs can be spoofed easily. The better
> > > > method would be to use encrypted cookies (just like remember my password
> > > > ones) so that the captive portal gets those cookies and lets user log in.
> > > > 
> > > > BR,
> > > > Anirudh Malhotra
> > > > 
> > > > On 12/29/15 12:54 PM, "Max .M"<mmourand at gmail.com>wrote:
> > > > > 
> > > > > Hi,
> > > > > 
> > > > > thanks for taking the time to read.
> > > > > 
> > > > > When this person that registered will leave the shop and come back 3 days
> > > > > later, I want it to bypass the captive portal. This is why I will activate
> > > > > MAC authentication on the access point.
> > > > > I just need a way to tell the access point: if MAC address of MAC auth is
> > > > > in SQL database, then authenticate (bypass captive portal)
> > > > > 
> > > > > Thank you,
> > > > > 
> > > > > 2015-12-29 2:10 GMT-05:00 Anirudh Malhotra<amalhotra.sp-dl at nkn.in>:
> > > > > 
> > > > > > Hi,
> > > > > > 
> > > > > > Your question is not very clear.
> > > > > > Presuming that you want to store the MAC's of whoever is connecting
> > > > > > > this is already being done in radacct table
> > > > > > if people are registering they must be connected right? and when they are
> > > > > > connected why do you need their MAC address after they are connected what
> > > > > > help would that do?
> > > > > > 
> > > > > > BR,
> > > > > > Anirudh Malhotra
> > > > > > 
> > > > > > On 12/29/15 09:11 AM, "Max .M"<mmourand at gmail.com>wrote:
> > > > > > > 
> > > > > > > Hi everyone,
> > > > > > > 
> > > > > > > I'm looking for a way to set up MAC authentication using FreeRadius and
> > > > > > > MySQL and any help would be much appreciated :)
> > > > > > > 
> > > > > > > I have a scenario where multiple shops will have guests authenticating and
> > > > > > > when someone registers to their public wi-fi, we want their MAC to be stored
> > > > > > > in the SQL database and do a check against it using MAC authentication on
> > > > > > > the Aruba IAPs.
> > > > > > > 
> > > > > > > I guess I need to find a way to capture the Calling-Station-Id and store it
> > > > > > > into a table in the database and then I need to do a check against it for
> > > > > > > every MAC it receives as a "username and password".
> > > > > > > 
> > > > > > > Right now I can authenticate to my captive portal using FreeRadius + MySQL,
> > > > > > > I can also enable MAC auth on my IAP and add a user with my phone's MAC
> > > > > > > address as a username and password and it's working.
> > > > > > > 
> > > > > > > I'm really looking for a way to automate this :)
> > > > > > > 
> > > > > > > Thanks a lot
> > > > > > > -
> > > > > > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > > > > > > 

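The check from this thread placed in the `authorize` section, as an added example (not code from the thread or from the FreeRADIUS project). It assumes FreeRADIUS 3.x with the `sql` module enabled for MySQL and a hypothetical table `guest_macs(mac_address, registered_at)`; the 30-day window is also an assumption, added because a stored MAC is a weak credential.

```unlang
# raddb/sites-available/default (FreeRADIUS 3.x)
#
# Hypothetical table (assumption), filled in by the portal at registration:
#   CREATE TABLE guest_macs (
#       mac_address   CHAR(17) PRIMARY KEY,   -- stored as AA-BB-CC-DD-EE-FF
#       registered_at DATETIME NOT NULL
#   );

authorize {
	preprocess

	# Stock policy from policy.d/canonicalization: rewrites
	# Calling-Station-Id to upper-case, dash-separated form, so the
	# comparison does not depend on how the access point formats the MAC.
	rewrite_calling_station_id

	if (&Calling-Station-Id) {
		# Attributes expanded inside %{sql:...} are escaped by the sql
		# module before the query runs. The expansion yields the row count.
		# The registered_at condition (assumed) expires old registrations.
		if ("%{sql:SELECT COUNT(*) FROM guest_macs WHERE mac_address = '%{Calling-Station-Id}' AND registered_at > NOW() - INTERVAL 30 DAY}" > 0) {
			# As in the thread's snippet, a match accepts the request
			# whatever User-Name or password it carries.
			update control {
				Auth-Type := Accept
			}
		}
	}

	# No match: nothing is set above, so the request continues to the
	# normal user lookup. Portal logins keep working, and a MAC-auth
	# request for an unregistered device finds no user and is rejected.
	sql
	pap
}
```
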
