Hello guys! I was hoping you could help me with something that has been
troubling me for the last two days. I'm using FreeRADIUS to authenticate users
in a WPA-Enterprise environment. What I would like to do now is to add another
layer of security, matching the MAC address of the user as well as the
user+password. The user and password part is working without a problem, but I
don't quite understand what the way (or the best way) to accomplish the MAC part is.
Google says that I could use Calling-Station-Id, so what I do is create a
group, attach Calling-Station-Id as a check item, and put in the MAC I want
that user to match, but the user gets into the network no matter what MAC he has.
I can see the Calling-Station-Id coming from the NAS in debug mode, but it
doesn't seem to be checked.
As an alternative I tried to use checkval. I add the checkval module in
authorize... and then where do I put the Calling-Station-Id item?
The questions, then, are:
For the group to work, should I add another attribute apart from
Calling-Station-Id for the check? Like what you do for dynamic VLAN
assignment...
What's the best/easiest way to accomplish this? checkval or using the attribute
directly?
I use FreeRADIUS 2.1.0 and daloRADIUS. Users are stored in an SQL database.
Thanks in advance.