Re: SQL Mac-Authentication based on Call-Check

[florian broder]

Hi.
Thanks for your thoughts.

On 11/23/05, Alan DeKok <[EMAIL PROTECTED]> wrote:

florian broder <[EMAIL PROTECTED]> wrote:
> The only thing I'm currently unaware of is, where I can tell freeradius to
> use Call-Check together with mysql, I think it's somewhere in sql.conf?

  No, it's also in the "radcheck" table.

Ok, instead of a password I use Atribute "Calling-Station-ID" with Value <mac-address>?

> Only thing that need to be done IMO is to tell radius, that there is no
> username and authentication needs to be done on a caller-id basis.

  In radcheck, also set "Auth-Type := Accept" if the MAC & Call-Check
match.

Can you tell me, how to do that? I mean, setting Auth-Type when it matches?

radcheck:
username: ?? (there isn't any! --> use DEFAULT?)
attribute 1: calling-station-id
value 1: mac
attribute 2: service-type
value2: 10 (call-check)
attribute 3: auth-type
value 3: accept

Is that ok?

But how has the authorize_check_query to be done?

--
Tha Radius should be used ONLY for Mac-Authentication internally (just our LAN). Idea is, that a Switch-Port (VLAN, Access or trunk...) is configured by a script depending on the connecting mac-address.

As I've said, I haven't deployed freeradius yet, so maybe the next question is really stupid...

In sql.conf. "authorize_check_query" takes all values (belonging to a user-name) from radcheck and tries to match them with the attributes which have been sent?!

But the Switch definitely sends NO user-name, i've checked that with Ethreal.
I still don't understand, how sql-config should be done, if there _isn't_ any username, just a caller id.

Thanks a lot i advance, and really sorry for stealing your time!

Bye
Flo

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html