> > I know that an access point can act as a RADIUS client & then authenticate
> > a client's MAC address with the FreeRADIUS server & there has got to be an
> > entry for this client in the users file. But let's say I have 1000 clients, do I 
> > have to find out every single client's MAC address & then add them into 
> > the users file? Is there a better way of doing it?
>
> First of all, MAC-based authentication is not very secure.

I agree. MAC-based authentication is quite easy to spoof. You should
either use another scheme (VPN or something) coupled with this, or
go for 802.1x.

> If you still want to use MAC-based authentication and manage a lot of users,
> a better way would be to have all the user base in LDAP. The RADIUS will 
> query LDAP for the MAC address of the card; this will eliminate entering
> all the user information in a single users file in RADIUS.

That'll work if you already have an LDAP database or plan to use LDAP for
something else too (authentication to your LAN/workgroup); otherwise, IMHO,
setting up an LDAP database just for this might be overkill. People have 
had very good performance even with a large number of users in the users file
in FreeRADIUS, and that might just be the easiest way to go.

My two cents,
Puneet

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html