Authorize with SQL and not authenticate

Tom Yard tomyyard at gmail.com
Wed Jul 4 18:22:05 CEST 2018


Dear Alan, thanks for your response.

Now I have NTLM _AUTH with MSCHAP in Freeradius, and I can see I have
enabled PAP autheentication and authorization too (in default and
inner-tunnel files).

Please can you tell me where I have to force PAP from the user side in ordr
to just authorize the hosts? Users are logged into a host and after that
the switch sends the MAC Address' host to the Freeradius server.

Thanks again!!!


2018-07-04 12:47 GMT-03:00 Alan DeKok <aland at deployingradius.com>:

> On Jul 4, 2018, at 11:45 AM, Tom Yard <tomyyard at gmail.com> wrote:
> >
> > I've just have a default file with a LDAP + SQL queries for user
> > authorization, and NTLM for user authentication.
> >
> > Also I want to just authorize hosts sending its MAC Addresses as its
> > usernames according to a SQL query matching a Mac Address table, but I
> > don't want to authenticate them because the Active Directory doesn't
> > contain MAC Addresses as usernames.
>
>   Sure.  But only if the user is doing PAP.  It won't work for MS-CHAP,
> because each end authenticates the other.  And both ends need the password.
>
> > Is it possible just authorize with Freeradius and so let hosts to access
> > the LAN network ?
>
>   Yes.
>
>   The question then is, what do MAC auth packets look like?
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list