Authorization Computers using MAC address

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

Authorization Computers using MAC address

James Ngo
Hello everyone,

So I have already setup the Freeradius server, authenticate WIFI users using
username and password. All working smoothly so far.

Our office also have about 5 desktop computers, sharing the same EdgesSwitch

How could I go about authorizing only our office computers using its MAC
addresses? This is to prevent outside guests/visitors plug our LAN cables to
their laptops

I see in the "radcheck", there is "attribute" for user/password is
"Cleartext-Password" when using username/password. Can I change this to
something that accommodate MAC address? Or I have to come up with a complete
new setup?

Thank you very much for your helps

Kind regards

James

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Authorization Computers using MAC address

Alan DeKok-2
On Feb 6, 2020, at 10:14 PM, James Ngo <[hidden email]> wrote:
> So I have already setup the Freeradius server, authenticate WIFI users using
> username and password. All working smoothly so far.

  That's good.

> Our office also have about 5 desktop computers, sharing the same EdgesSwitch
>
> How could I go about authorizing only our office computers using its MAC
> addresses? This is to prevent outside guests/visitors plug our LAN cables to
> their laptops

  Configure the switch to do MAC address authentication.  Then, add the MACs to the FreeRADIUS configuration.

> I see in the "radcheck", there is "attribute" for user/password is
> "Cleartext-Password" when using username/password. Can I change this to
> something that accommodate MAC address? Or I have to come up with a complete
> new setup?

  All RADIUS authentication is done on user name / password.  You should be able to just list the MAC address as both the User-Name, and Cleartext-Password.  It should then work.

  *But*.  All of this depends on the switch.  Configure the switch to do MAC address authentication, and then look at the packets it sends to FreeRADIUS.  It should then be obvious how to configure FreeRADIUS to authenticate those packets.

  There is a large variation of behaviour in different switches.  So it's impossible for us to give specific advice that will work everywhere.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html