Binding MAC address with username

Alexandre Croteau alextyhero123 at live.ca
Wed Dec 21 04:24:47 CET 2016 

Sorry for not being clear, here is a better explaination. My setup is a captive portal (CoovaChilli) with FreeRADIUS and mysql. My users are pre-stored in the RADIUS database. What I'd like to do is that on the first time a user connect from a new device, that device's MAC address is binded to the username. This way, whenever the user reconnects to the network, it would just try to authenticate using the MAC adress, if possible without the user's interaction. I also use the DHCP module of FreeRadius in order to assign a specific subnet for a user group. This way, the user is in a group and gets an IP address specific to this group. 

The whole point of doing this is to redirect the traffic through a Squid proxy and filter by ip ranges. This way, a user logs in the first time it connects to the network. Then, the traffic is filtered according to the user's group (actually school class)

Hope it makes things clear,

Acrilex

> Le 20 déc. 2016 à 21:42, Alan DeKok <aland at deployingradius.com> a écrit :
> 
>> On Dec 20, 2016, at 8:47 PM, Alexandre Croteau <alextyhero123 at live.ca> wrote:
>> 
>> For my setup, I'd like to bind a MAC address to a specific user when it first login. For exemple, user 1 connects from computer 00:11:22:33:44:55. I'd like the system to remember this MAC address, so that the next time the user reuses this same computer, it does not asks to connect again.
> 
>  What does that mean?
> 
>  The switch will always do RADIUS for authentication.  There is no way to tell the switch to bypass RADIUS.
> 
>> This way, the users would rather be the mac addresses. Another solution I think would be to store the MAC address as a new user in the same group as user 1.
> 
>  You're talking about a solution, and how best to implement the solution.
> 
>  Talk instead about the problem.  In concrete terms.  What does the switch do?  When does it do that?  What does the user do?  When / why?
> 
>  You don't have a good grasp of what the switch / RADIUS server does.  As a result, your questions are based on incorrect assumptions.  There's no real way to answer your questions as-is, because the assumptions are incorrect.
> 
>  Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list