Authorize with SQL and not authenticate
Tom Yard
tomyyard at gmail.com
Wed Jul 4 18:22:05 CEST 2018
Dear Alan, thanks for your response.
Now I have NTLM _AUTH with MSCHAP in Freeradius, and I can see I have
enabled PAP autheentication and authorization too (in default and
inner-tunnel files).
Please can you tell me where I have to force PAP from the user side in ordr
to just authorize the hosts? Users are logged into a host and after that
the switch sends the MAC Address' host to the Freeradius server.
Thanks again!!!
2018-07-04 12:47 GMT-03:00 Alan DeKok <aland at deployingradius.com>:
> On Jul 4, 2018, at 11:45 AM, Tom Yard <tomyyard at gmail.com> wrote:
> >
> > I've just have a default file with a LDAP + SQL queries for user
> > authorization, and NTLM for user authentication.
> >
> > Also I want to just authorize hosts sending its MAC Addresses as its
> > usernames according to a SQL query matching a Mac Address table, but I
> > don't want to authenticate them because the Active Directory doesn't
> > contain MAC Addresses as usernames.
>
> Sure. But only if the user is doing PAP. It won't work for MS-CHAP,
> because each end authenticates the other. And both ends need the password.
>
> > Is it possible just authorize with Freeradius and so let hosts to access
> > the LAN network ?
>
> Yes.
>
> The question then is, what do MAC auth packets look like?
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
More information about the Freeradius-Users
mailing list