I need help or some guide!

classic Classic list List threaded Threaded
3 messages Options
| Threaded
Open this post in threaded view
|

I need help or some guide!

Ariel García Reyes
Hi I am implementing a Freeradius server to authenticate Wifi connections.
I want to configure the authentication to be EAP-TLS and to be able to
filter that the MAC of the device matches the authorized one stored
somewhere, domain controller, database, file, etc., taking into account
that a user could be authorized to use several teams.
Thank you very much!

--
________________________________________________
Lic. Ariel García Reyes.
GNU/Linux Registered User #357058
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: I need help or some guide!

Alan DeKok-2
On Sep 7, 2020, at 9:54 AM, Ariel García Reyes <[hidden email]> wrote:
>
> Hi I am implementing a Freeradius server to authenticate Wifi connections.
> I want to configure the authentication to be EAP-TLS and to be able to
> filter that the MAC of the device matches the authorized one stored
> somewhere, domain controller, database, file, etc., taking into account
> that a user could be authorized to use several teams.

  What database are you using?  That makes a difference.

  And what does it mean to have a "user authorized to use several teams"?

  In general, this kind of thing is relatively simple.  Get EAP-TLS working first.  Then, add MAC checks.

  But the details matter.  You can't just say "some database somwhere", and expect a useful answer.

  Alan DeKok.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: I need help or some guide!

Ariel García Reyes
 You're right!
I have already managed to generate certificates and for users to connect to
the Wi-Fi using EAP-TLS, what I need is to be able to restrict that any
equipment does not connect to the network even if it has the imported
certificate, only those that are declared the MAC in a base MySQL,
PostgreSQL or LDAP data.

El lun., 7 de sep. de 2020 a la(s) 11:54, Alan DeKok (
[hidden email]) escribió:

> On Sep 7, 2020, at 9:54 AM, Ariel García Reyes <[hidden email]>
> wrote:
> >
> > Hi I am implementing a Freeradius server to authenticate Wifi
> connections.
> > I want to configure the authentication to be EAP-TLS and to be able to
> > filter that the MAC of the device matches the authorized one stored
> > somewhere, domain controller, database, file, etc., taking into account
> > that a user could be authorized to use several teams.
>
>   What database are you using?  That makes a difference.
>
>   And what does it mean to have a "user authorized to use several teams"?
>
>   In general, this kind of thing is relatively simple.  Get EAP-TLS
> working first.  Then, add MAC checks.
>
>   But the details matter.  You can't just say "some database somwhere",
> and expect a useful answer.
>
>   Alan DeKok.
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



--
________________________________________________
Lic. Ariel García Reyes.
GNU/Linux Registered User #357058
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html