Authorize access by MAC Address

Mike DiBella mike at dibella.net
Thu Oct 24 01:44:22 CEST 2019


I intend to use FreeRADIUS to create a network access solution for managed mobile devices. Authentication will be using EAP-TLS with a trusted certificate, but the supplicant identity mapping attribute will be the WiFi adapter's MAC address.

I have an LDAP directory with a customized schema that has an object for each managed device with an attribute, wiFiMAC, containing the MAC address and a second attribute, deviceCompliance, containing the device's adjudicated policy compliance state.

The access request authorization policy should allow access if the device object is found in the directory by MAC address, and deviceCompliance is 0.

I've looked over the documentation for LDAP backend configuration, but it is heavily biased towards the authorize-by-user-identity use case.

Are there any configuration examples for mapping identity using MAC address? Any examples for adding custom LDAP attributes for access-adjudication?
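
The authorization rule described in the message, written out as a small added Python model (not part of the original post and not FreeRADIUS configuration). Assumptions: the MAC arrives as the Calling-Station-Id, the directory stores wiFiMAC as uppercase XX-XX-XX-XX-XX-XX, the list stands in for the LDAP search, and the DNs and values are constructed.

```python
import re

# Constructed sample entries. wiFiMAC and deviceCompliance are the attribute
# names from the post; the DNs and values are invented for illustration.
DIRECTORY = [
    {"dn": "cn=tablet-01,ou=devices,dc=example,dc=org",
     "wiFiMAC": ["00-11-22-AA-BB-CC"], "deviceCompliance": ["0"]},
    {"dn": "cn=phone-07,ou=devices,dc=example,dc=org",
     "wiFiMAC": ["00-11-22-DD-EE-FF"], "deviceCompliance": ["2"]},
    {"dn": "cn=phone-09,ou=devices,dc=example,dc=org",
     "wiFiMAC": ["00-11-22-33-44-55"]},  # no compliance value recorded
]

def normalize_mac(calling_station_id):
    """Return the MAC as XX-XX-XX-XX-XX-XX, or None if it is not a MAC."""
    digits = re.sub(r"[-:.\s]", "", calling_station_id)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    digits = digits.upper()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def ldap_filter(mac):
    """Build the search filter. Only a validated MAC (hex digits and
    hyphens) is ever passed in, so no filter metacharacter can reach it."""
    return "(wiFiMAC=%s)" % mac

def search(flt):
    """Stand-in for the LDAP search: equality match on wiFiMAC."""
    wanted = flt[len("(wiFiMAC="):-1]
    return [e for e in DIRECTORY if wanted in e.get("wiFiMAC", [])]

def authorize(calling_station_id):
    """Accept only if exactly one device matches and deviceCompliance is 0."""
    mac = normalize_mac(calling_station_id)
    if mac is None:
        return "reject: malformed MAC"
    entries = search(ldap_filter(mac))
    if not entries:
        return "reject: device not found"
    if len(entries) > 1:
        return "reject: ambiguous MAC"
    # A missing attribute fails closed, the same as a non-zero value.
    if entries[0].get("deviceCompliance") != ["0"]:
        return "reject: not compliant"
    return "accept"
```
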

