Authorization Computers using MAC address

Alan DeKok aland at deployingradius.com
Fri Feb 7 13:21:52 CET 2020


On Feb 6, 2020, at 10:14 PM, James Ngo <james.ngobui at gmail.com> wrote:
> So I have already setup the Freeradius server, authenticate WIFI users using
> username and password. All working smoothly so far.

  That's good.

> Our office also have about 5 desktop computers, sharing the same EdgesSwitch
> 
> How could I go about authorizing only our office computers using its MAC
> addresses? This is to prevent outside guests/visitors plug our LAN cables to
> their laptops

  Configure the switch to do MAC address authentication.  Then, add the MACs to the FreeRADIUS configuration.

> I see in the "radcheck", there is "attribute" for user/password is
> "Cleartext-Password" when using username/password. Can I change this to
> something that accommodate MAC address? Or I have to come up with a complete
> new setup?

  All RADIUS authentication is done on user name / password.  You should be able to just list the MAC address as both the User-Name, and Cleartext-Password.  It should then work.

  *But*.  All of this depends on the switch.  Configure the switch to do MAC address authentication, and then look at the packets it sends to FreeRADIUS.  It should then be obvious how to configure FreeRADIUS to authenticate those packets.

  There is a large variation of behaviour in different switches.  So it's impossible for us to give specific advice that will work everywhere.

  Alan DeKok.




More information about the Freeradius-Users mailing list