EAP authentication and DHCP
Alan DeKok
aland at deployingradius.com
Sun Sep 27 16:13:28 CEST 2015
On Sep 27, 2015, at 1:15 AM, Hernán Freschi <hjf at hjf.com.ar> wrote:
> I would like to authenticate WiFi users with EAP and assign an IP address
> based on their username.
> I realize this is a two step process: first, the user must be authenticated
> with EAP. Once this is done, the user will request an IP address via DHCP.
> But there is no connection between the EAP username, and the client's MAC
> address which EAP uses.
>
> With EAP, the MAC address is the Calling-Station-ID for the Anonymous
> identity. The tunneled identity has no ID.
Sure. Just write the inner ID and the outer Calling-Station-Id to SQL. You may need to create a custom table for this. You should probably also write the login time, too.
> Is it possible to use the post-auth section to log both username and MAC,
> so the DHCP module can look up the username from MAC address, and assign
> the address from the right pool?
Yes.
> By default the post-auth module writes two
> records to the radpostauth table: one, from the anonymous identity with the
> Calling-Station-ID set to the MAC address, and another, for the tunneled
> identity, with an empty calling ID.
You can fix that by editing the configuration files. That's why they're text.
Alan DeKok.
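
The mapping discussed in this thread (inner identity, outer Calling-Station-Id and login time written to a custom SQL table, then looked up by MAC when the DHCP request arrives), modeled in Python with SQLite as an added example; it is not FreeRADIUS configuration and not code from the thread. The table name `eap_session`, its columns, the function names and the `max_age` window are assumptions, and the sample rows are constructed.

```python
import re
import sqlite3

# Hypothetical custom table: one row per successful inner-tunnel login.
SCHEMA = """
CREATE TABLE eap_session (
    username   TEXT NOT NULL,     -- inner (tunneled) identity
    mac        TEXT NOT NULL,     -- outer Calling-Station-Id, normalised
    login_time INTEGER NOT NULL   -- Unix time of the successful login
);
CREATE INDEX eap_session_mac ON eap_session (mac, login_time);
"""

def normalise_mac(value):
    """Reduce AA-BB-.., aa:bb:.. or aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.\s]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % value)
    return digits

def record_login(db, inner_username, calling_station_id, now):
    """Store the inner identity next to the outer request's MAC."""
    db.execute("INSERT INTO eap_session VALUES (?, ?, ?)",
               (inner_username, normalise_mac(calling_station_id), now))

def username_for_dhcp(db, client_mac, now, max_age=86400):
    """Most recent inner identity seen for this MAC, or None.

    max_age (seconds) is an assumed bound; a row older than that is ignored
    so a stale login cannot decide the pool for whoever uses the MAC now.
    """
    row = db.execute(
        "SELECT username FROM eap_session"
        " WHERE mac = ? AND login_time BETWEEN ? AND ?"
        " ORDER BY login_time DESC LIMIT 1",
        (normalise_mac(client_mac), now - max_age, now)).fetchone()
    return row[0] if row else None

def demo():
    """Constructed sample data: two logins share one MAC, in different notations."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    record_login(db, "alice", "AA-BB-CC-DD-EE-FF", 1000)
    record_login(db, "bob", "aabb.ccdd.eeff", 1100)      # same MAC, later login
    record_login(db, "carol", "00:11:22:33:44:55", 1000)
    return db

if __name__ == "__main__":
    print(username_for_dhcp(demo(), "aa:bb:cc:dd:ee:ff", now=1200))
```

A `None` result is the case where the DHCP side has no usable login for the MAC and should fall back to whatever default pool the site chooses.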