RADIUS auth by Mac address

ron.peterson at yellowbank.com ron.peterson at yellowbank.com
Tue Oct 7 21:09:46 EDT 2003


On Tue, Oct 07, 2003 at 05:16:31PM -0400, josephc at etards.net wrote:

> Does anyone have any experience or docs in setting up a RADIUS server to 
> authenticate a host by it's MAC address?

Yes.  I've included a portion of the users file for cistron radius.
This configuration supports MAC based authentication for Lucent wireless
access points.  Maybe others, but that's what I've tested.  (Or is it
Orinoco?  Or Agere?  Or Proxim?  Or Higgedly Piggedly?  I forget.)

# DEFAULT Auth-Type = Local, Password = "insecure"

# Ron's wireless laptop
# note: the hyphen in the mac address is required
# nota bene: the password value is set to match the shared secret
#            defined in the radius 'clients' config file.  the
#            wireless ap must be configured to send this value
#            also.
00022d-123456 Password = "insecure"
       Reply-Message = "Dummy return value required"

DEFAULT Auth-Type = System
        VPNGroupInfo = "radius",
        Class        = "ou=RadiusUsers",
        Framed-IP-Netmask = 255.255.0.0,
        Fall-Through = 1

rpeterso
        Framed-IP-Address = 172.16.104.1

kslate
        Framed-IP-Address = 172.16.104.2

etc.

The same configuration file supports both mac based host authentication
for the wireless access points, and user authentication for Nortel and
Cisco VPN servers.

-- 
Ron Peterson                   -o)
87 Taylor Street               /\\
Granby, MA  01033             _\_v
https://www.yellowbank.com/   ---- 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.blu.org/pipermail/discuss/attachments/20031007/2a5a3a84/attachment.sig>


More information about the Discuss mailing list