check user device mac address without doing mac-auth
Alan DeKok
aland at deployingradius.com
Sat Mar 25 16:42:20 UTC 2023
On Mar 25, 2023, at 8:03 AM, Eby Mani via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I have installed freeradius without sql integration for testing.
>
> 1, changed # Instead of "use_tunneled_reply", value to "if (1) {.
> 2, users file have following entry on top.
> testing Password := "password", Calling-Station-Id := "0cf346e648f3
I'm pretty sure that won't do what you want, I suggest reading the documentation to see how the operators work in the "users" file.
> Unauthorised devices with same login are granted access once authorised device is authenticated and server receive accounting-request is from unauthorised device. But when unauthorised devices try to connect for the first time, we see access-reject.
The debug log will show whu.
> I'm not sure if this happen due to any stale sessions,
Authentication has nothing to do with stale sessions.
What you want is s policy which says:
if user is X and MAC is not Y
reject
So... write that in "unlang". What you wrote in the "users" file doesn't do that, and doesn't follow the documentation for the "users" file.
Alan DeKok.
More information about the Freeradius-Users
mailing list