Binding MAC address with username

Stefan Paetow Stefan.Paetow at
Wed Dec 21 13:25:03 CET 2016

> Sorry for not being clear, here is a better explaination. My setup is a captive portal (CoovaChilli) with FreeRADIUS and mysql. My users are pre-stored in the RADIUS database. What I'd like to do is that on the first time a user connect from a new device, that device's MAC address is binded to the username. This way, whenever the user reconnects to the network, it would just try to authenticate using the MAC adress, if possible without the user's interaction. I also use the DHCP module of FreeRadius in order to assign a specific subnet for a user group. This way, the user is in a group and gets an IP address specific to this group. 
> The whole point of doing this is to redirect the traffic through a Squid proxy and filter by ip ranges. This way, a user logs in the first time it connects to the network. Then, the traffic is filtered according to the user's group (actually school class)

So, in pseudo code:

In the authorize section, execute sql query "Select username from table where MAC_Address like 'mac address'"

If the result is empty, then you need to bind it. If it is not, you have a mapping and you will need to check that the usernames match. If they do, Access-Accept is sent, if not, Access-Reject. 

If you use EAP authentication, you'll have to do this in the inner-tunnel.

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at
skype: stefan.paetow.janet

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

More information about the Freeradius-Users mailing list