Authorize with SQL and not authenticate

Alan DeKok aland at
Wed Jul 4 17:47:53 CEST 2018

On Jul 4, 2018, at 11:45 AM, Tom Yard <tomyyard at> wrote:
> I've just have a default file with a LDAP + SQL queries for user
> authorization, and NTLM for user authentication.
> Also I want to just authorize hosts sending its MAC Addresses as its
> usernames according to a SQL query matching a Mac Address table, but I
> don't want to authenticate them because the Active Directory doesn't
> contain MAC Addresses as usernames.

  Sure.  But only if the user is doing PAP.  It won't work for MS-CHAP, because each end authenticates the other.  And both ends need the password.

> Is it possible just authorize with Freeradius and so let hosts to access
> the LAN network ?


  The question then is, what do MAC auth packets look like?

  Alan DeKok.

More information about the Freeradius-Users mailing list