Is there a way to dynamically attach the mac of the users pc to the

username who has logged in?
This way I can stop people sharing the same username/password
combination on different pc's.



Using the post-auth requests, you can add a Calling-Session-Id for the concerned user in the radcheck table, only if doesn't already have one.

This way, and provided your NAS sends this attribute with each
authentication request, only the user with correct MAC address will be
authorized.

Regards,

Joachim


Thanks for the reply Loachim,
Would your suggestion be automatic or would I need to manually add the attribute.
eg: would I have to add the table.
radcheck
id - - - - - - - - 4567
UserName - - user1
Attribute - - - Calling-Session-Id
op - - - - - - - :=
Value - - - - - 000bcdfxxx



Looking at radacct, I am receiving "CallingStationID" which appears to be the mac of the connecting client.
Would this be a way to check if the user has logged in before and see if the mac address is the same as the original login?
Then deny if username/mac combination is not the same.
This would offer the self management I am hoping to achieve.


Thanks

Shane




- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to