Hi,
The scheme used almost universally for MAC-based authentication is User-Name == Calling-Station-ID; unfortunately, the format of the two MAC addresses often differs.

Here are the examples from our configuration to perform MAC-based authorisation.

---
authorize {
    # Rewrite calling station id attributes into a standard format.
    if("%{Calling-Station-Id}" =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){
        update request {
            Calling-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
        }
    }

    # Rewrite the User-Name the same way, so both use one format.
    if("%{User-Name}" =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){
        update request {
            User-Name := "%{1}%{2}%{3}%{4}%{5}%{6}"
        }
    }

    # User-Name matches Calling-Station-Id: treat as a MAC-based request.
    if("%{User-Name}" =~ /^%{Calling-Station-Id}$/i){
        update control {
            Autz-Type = 'mac-based'
        }
    }

    # Authorisation based on mac address
    Autz-Type mac-based {
        # This is where you do your authorisation checks
        update control {
            Auth-Type := 'Accept'
        }
    }
}
---

No, you don't need passwords; you force the server to send an Access-Accept or Access-Reject packet based on your authorisation policies for certain MAC addresses.

Thanks,
Arran
-- 
Arran Cudbard-Bell ([EMAIL PROTECTED]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
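The rewrite and comparison from the configuration above, ported to Python so they can be run over sample values. This is an added example, not part of the original post or of FreeRADIUS. The function names, the sample addresses, and the stricter `strict_normalise` variant (which also accepts `.` separators and rejects over-long values) are assumptions made here; the final regex match is simplified to a case-insensitive equality test.

```python
import re

# Port of the separator-stripping pattern from the post (same groups, same /i flag).
PAGE_RE = re.compile(
    r"^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?"
    r"([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})",
    re.I,
)

def page_normalise(value):
    """Mimic the unlang rewrite: on match, replace the attribute with the
    six captured groups; otherwise leave it untouched."""
    m = PAGE_RE.match(value)
    return "".join(m.groups()) if m else value

def strict_normalise(value):
    """Stricter variant (assumption, not from the post): exactly 12 hex digits
    once '-', ':' and '.' are removed; None for anything else."""
    digits = re.sub(r"[-:.]", "", value)
    return digits.lower() if re.fullmatch(r"[0-9a-fA-F]{12}", digits) else None

def is_mac_auth(user_name, calling_station_id):
    """The post's test: after the rewrite, User-Name equals Calling-Station-Id,
    ignoring case. That is the condition that sets Autz-Type to mac-based."""
    u = page_normalise(user_name)
    c = page_normalise(calling_station_id)
    return u.lower() == c.lower()

# Constructed sample values (not taken from any real network).
SAMPLES = [
    "00:11:22:AA:BB:CC",     # colon separated
    "00-11-22-aa-bb-cc",     # hyphen separated
    "001122aabbcc",          # bare hex
    "0011.22aa.bbcc",        # dotted: '.' is not in the post's [-:] class
    "00:11:22:aa:bb:cc:dd",  # trailing octet: pattern has no end anchor
    "001122aabbccdd",        # 14 bare digits: group 4 is {2,}
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:22} page={page_normalise(s):16} strict={strict_normalise(s)}")
    print(is_mac_auth("00-11-22-aa-bb-cc", "00:11:22:AA:BB:CC"))  # formats differ
    print(is_mac_auth("0011.22aa.bbcc", "00:11:22:AA:BB:CC"))     # dotted User-Name
```

The dotted value passes through the post's pattern unchanged, so a client that sends its User-Name in that form never reaches the mac-based section; the two over-long values are accepted by the post's pattern but rejected by the stricter variant.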