If I understand this correctly I could have 3 ways to do RADIUS MAC Authentication:
1) (enterasys seems to do it like this) Username == mac, password == default password set in the nas and that matches the pass in the 'radcheck' table but different from the nas secret 2) (like it seems most vendors are doing it): Username == mac, password == nas-secret (but this also needs username(mac)/password(nas-secret) pairs in 'radcheck' table 3) calling-station-id == mac, username == mac, password == NULL, service-type == Call Check (10) and Auth-Type := Accept My questions: a)could I have a security problem with 2 or 3? b)any suggestions to choose between 1, 2 or 3 or 'just choose whatever works'? Kind Regards, -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] > -----Oorspronkelijk bericht----- > Van: [EMAIL PROTECTED] [mailto:freeradius- > [EMAIL PROTECTED] Namens Alan DeKok > Verzonden: woensdag 23 november 2005 19:33 > Aan: FreeRadius users mailing list > Onderwerp: Re: SQL Mac-Authentication based on Call-Check > > florian broder <[EMAIL PROTECTED]> wrote: > > The only thing I'm currently unaware of is, where I can tell freeradius > to > > use Call-Check together with mysql, I think it's somewhere in sql.conf? > > No, it's also in the "radcheck" table. > > > Only thing that need to be done IMO is to tell radius, that there is no > > username and authentication needs to be done on a caller-id basis. > > In radcheck, also set "Auth-Type := Accept" if the MAC & Call-Check > match. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
