Mikko Husari wrote:
> Mikko Husari wrote:
>> Hi!
>>
>> I'm currently running eap-tls with username and password (from ldap), but
>> now we're having a bunch of "stupid" wlan-client machines, and we need
>> a simple mac-auth (from ldap?) to the network. Basic idea: (example
>> from outside world) "so, no certificate and login credentials, can't let
>> you in. But I'm on a vip-list! Oh, I see, come on in, sorry for
>> inconvenience". For now we are happy to get just that to work; next
>> level would be something concerning vlans... I think (in the long run)
>> we don't want to have too much accessibility in those stupid machines.
>> Poorly explained, not enough coffee in veins yet...
>>
>> thanks in advance
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
> Wouldn't I just be able to create a hints rule that says "if
> calling-station-id == xx-xx-xx-xx-xx permit access", or something similar?

Yes. Like I said, it's easy. My advice would be to use an rlm_passwd with a key of calling-station-id and use the authtype value on the module instance to set to Accept.

As I said, your AP still needs to support sending the MAC to RADIUS on association. I suggest you consult your AP docs.
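
A sketch of the rlm_passwd setup described in the reply above, added here as an example and not taken from the thread or from the FreeRADIUS distribution. It assumes a FreeRADIUS release whose rlm_passwd has the authtype option the reply refers to; the instance name mac_allow, the file path and the MAC entries are hypothetical.

```conf
# /etc/raddb/mac_allow  (hypothetical path; constructed sample entries)
# One client per line: <Calling-Station-Id>:<free-text label>
# The lookup is an exact string match, so write each MAC in the same
# format and case that your AP puts into Calling-Station-Id.
#
#   00-11-22-33-44-55:label-printer
#   00-11-22-33-44-66:barcode-scanner

# radiusd.conf, modules section
passwd mac_allow {                  # instance name is an assumption
    filename = /etc/raddb/mac_allow
    # '*' marks the key field; the empty second field (the label) is ignored
    format = "*Calling-Station-Id:"
    # when the key is found in the file, set Auth-Type to this value
    authtype = Accept
    hashsize = 100
}

# radiusd.conf, authorize section
authorize {
    mac_allow       # listed MACs leave this module with Auth-Type Accept
    # ... existing modules for the EAP-TLS / LDAP users stay as they are
}
```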