Hi Alan, > A better approach is to look for something like MAC authentication > Bypass in Cisco switches. If the client doesn't do 802.1x within a > certain time, the switch sends a RADIUS request containing the MAC address.
We have more than 200 ThinClients. I'm afraid, this would be unmanagable. If a Client dies and e.g. a fellow forgets to unregister the MAC-Address, the MAC-Address table of the radius server would be very messy after a few months. Do you know a solution, in which this "MAC"-Clients could be foolproof managed? Regards Thorsten "Alan DeKok" <[EMAIL PROTECTED]> schrieb: > Thorsten Leiser wrote: >> we're just implementing port security with freeradius 1.1.6. For our >> XP-Boxes we'll use the built in 802.1x-supplicant. But there are some >> dumb thinclients without any supplicants available. Fortunately, we're >> able to modify the User Class option (option 77) within the dhcp-request >> of these thinclients. So, we're trying to authenticate the clients by >> using the modified dhcp-request. > > That requires modified clients, and DHCP servers. > > A better approach is to look for something like MAC authentication > Bypass in Cisco switches. If the client doesn't do 802.1x within a > certain time, the switch sends a RADIUS request containing the MAC address. > >> Do you have an idea how we can use this modified dhcp-request to >> authenticate angainst our radius server? Or any other idea? > > Modifying DHCP isn't a good idea. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Thorsten Leiser IT-Systembetreuung SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH Liebknechtstr. 50 70565 Stuttgart-Vaihingen Fon: 0711/7868-356 Fax: 0711/7868-446 www.synchron-is.de Sitz der Gesellschaft: Stuttgart Registergericht: Amtsgericht Stuttgart, HRB 8619 GF: Michael Schober - - - - - - - - - Diese E-Mail beinhaltet vertrauliche und/oder rechtlich geschuetzte Daten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged data. If you are not the intended recipient or have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the content in this e-mail is strictly forbidden. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html