Rob Yamry <[email protected]> wrote: > > We are experiencing an issue where certain policies need to push down to > laptops before the user enters their credentials to authenticate to the > wireless network. We only have Radius/802.1x enabled on the wireless right > now. Is it possible to authenticate the device based on MAC address so the > initial connection is there (so the laptop is "online") and then have the > user authenticate via the Novell Client (with 802.1x) to login to the > desktop? > No, not unless your wireless controller supports it.
On the wired side, you can usually get something better: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/application_note_c27-573287.pdf To be frank, in your situation I would *not* recommend it. Workstation and User authentication are two separate things; although you might use the user credentials to 'bootstrap' (to vouch for the MAC address in use for that session) the host authentication. This has nothing to do with FreeRADIUS also... Cheers -- Alexander Clouter .sigmonster says: Chicken Little was right. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
