EAP authentication and DHCP

HernĂ¡n Freschi hjf at hjf.com.ar
Sun Sep 27 07:15:24 CEST 2015

I would like to authenticate WiFi users with EAP and assign an IP address
based on their username.
I realize this is a two step process: first, the user must be authenticated
with EAP. Once this is done, the user will request an IP address via DHCP.
But there is no connection between the EAP username, and the client's MAC
address which EAP uses.

With EAP, the MAC address is the Calling-Station-ID for the Anonymous
identity. The tunneled identity has no ID.

Is it possible to use the post-auth section to log both username and MAC,
so the DHCP module can look up the username from MAC address, and assign
the address from the right pool? By default the post-auth module writes two
records to the radpostauth table: one, from the anonymous identity with the
Calling-Station-ID set to the MAC address, and another, for the tunneled
identity, with an empty calling ID.


More information about the Freeradius-Users mailing list