Phil Mayers wrote:
> Mikko Husari wrote:
>
>> Mikko Husari wrote:
>>
>>> Hi!
>>>
>>> I'm currently running eap-tls with username and password (from ldap), but
>>> now we're having a bunch of "stupid" wlan-client machines, and we need
>>> a simple mac-auth (from ldap?) to the network. basic idea: (example
>>> from outside world) "so, no certificate and login credentials, can't let
>>> you in. but I'm on a vip-list!. Oh, i see, come on in, sorry for
>>> inconvenience", for now we are happy to get just that to work, next
>>> level would be something concerning vlans... i think (in the long run)
>>> we don't want to have too much accessibility in those stupid machines.
>>> poorly explained, not enough coffee in veins yet...
>>>
>>> thanks in advance
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>>
>> Wouldn't I just be able to create a hints rule that says "if
>> calling-station-id == xx-xx-xx-xx-xx permit access", or something similar?
>>
>
> Yes. Like I said, it's easy.
>
> My advice would be to use an rlm_passwd with a key of calling-station-id
> and use the authtype value on the module instance to set to Accept.
>
> As I said, your AP still needs to support sending the MAC to Radius on
> association. I suggest you consult your AP docs.
>

Well, I managed to do a "module" that checks the file and returns ok/not found/noop, but now my problem is how to make it authorize me according to the maclist... at the moment it checks the eap-tls module... well, there are two sections in that radiusd.conf, authenticate and authorize; I tried listing that maclist module in the last and it complained that passwd modules are not allowed in there...
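
The rlm_passwd approach described in the quoted reply, laid out as a radiusd.conf fragment. This is an added example, not configuration from the thread or from the FreeRADIUS project; the instance name `maclist`, the file path, the surrounding `preprocess`/`eap`/`ldap` entries and the sample MAC are assumptions.

```conf
# radiusd.conf fragment (added example; names and paths are assumptions)

modules {
    # rlm_passwd instance keyed on the MAC address that the AP sends
    # in Calling-Station-Id. '*' in the format marks the lookup key.
    # When the key is found, Auth-Type is set to the authtype value.
    passwd maclist {
        filename = /etc/raddb/maclist
        format = "*Calling-Station-Id"
        authtype = Accept
        hashsize = 100
    }
}

authorize {
    preprocess
    # The passwd instance is listed here, in authorize. It only looks
    # up the key and sets Auth-Type; it performs no authentication.
    maclist
    eap
    ldap
}

authenticate {
    # No maclist entry: a passwd instance has nothing to do in this
    # section, and Auth-Type Accept needs no module to run.
    eap
}

# /etc/raddb/maclist (constructed sample). One MAC per line, written
# exactly as the AP formats Calling-Station-Id:
#
# 00-11-22-33-44-55
```

A Calling-Station-Id match identifies a device without authenticating it, so the allow-list is best paired with the restricted VLAN the original post mentions as a next step.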