Re: Freeradius and MAC Address authenticating

2004-07-31 Thread Alan DeKok
"Jose Guevarra" <[EMAIL PROTECTED]> wrote:
> I've got freeradius working and can authenticate local users (passwd file),
> but, what I really want to do is use 802.1x to configure port VLANS on an HP
> 2650 according to a client's MAC address.  So instead of looking for the
> "User-Name" attribute I'm more concerned with the MAC address
> of the client.

  If you're doing EAP, you will need a password to authenticate the
request.  Passwords are found by looking up user names.

> Is it possible to accept any username but, search for the attribute
> "Calling-Station-Id"?

  Not really.

> Or is it better to have the client send its MAC address as the
> User-Name?

  Filter on both.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Freeradius and MAC Address authenticating

2004-07-31 Thread Bruce A. Friend
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th.

Bruce Friend




Re: Freeradius and MAC Address authenticating

2004-07-31 Thread Tacio Santos
Hi,
I think I've done something similar using EAP/TTLS. The only problem I had was 
to set copy_request_to_tunnel=yes in order to have the Calling-Station-Id.
Tacio

PS:
users:
mac   User-Password=="mac", Calling-Station-Id == "0004e1aa4ac4"
mac   User-Password=="mac", Calling-Station-Id == "0004e3aa3ad5"

eap:
ttls{
...
copy_request_to_tunnel = yes
...
}


On Saturday 31 July 2004 00:50, Jose Guevarra wrote:
> Hi,
>
> I've got freeradius working and can authenticate local users (passwd file),
> but, what I really want to do is use 802.1x to configure port VLANS on an
> HP 2650 according to a client's MAC address.  So instead of looking for the
> "User-Name" attribute I'm more concerned with the MAC address
> of the client.  Below is the request from an HP 2650 so the client's
> MAC address is found under "Calling-Station-Id".
>
> Is it possible to accept any username but, search for the attribute
> "Calling-Station-Id"? Or is it better to have the client send its MAC
> address as the User-Name?
>
> Thanks
>
> -=-=-=-=-=-=-=-
> rad_recv: Access-Request packet from host 128.111.15.6:1200, id=11, length=227
>   Framed-MTU = 1480
>   NAS-IP-Address = xxx.xxx.15.6
>   NAS-Identifier = "pp-pp--2"
>   User-Name = "some username"
>   Service-Type = Framed-User
>   Framed-Protocol = PPP
>   NAS-Port = 47
>   NAS-Port-Type = Ethernet
>   NAS-Port-Id = "47"
>   Called-Station-Id = "00-30-6e-dd-f6-d1"
>   Calling-Station-Id = "00-20-e0-6f-ee-7a"
>   Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>   Tunnel-Type:0 = VLAN
>   Tunnel-Medium-Type:0 = IEEE-802
>   Tunnel-Private-Group-Id:0 = "11"
>   State = 0xf57f51fc318fcf4c9f8fa1ac89fdf361
>   EAP-Message = 0x02030006030d
>   Message-Authenticator = 0x86cddd39bd485e3e306f1a1e31be09a2
>   Processing the authorize section of radiusd.conf
> -=--=-=-=-=-=-=

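
Added example, not part of the original thread and not FreeRADIUS code: the request quoted above carries Calling-Station-Id as "00-20-e0-6f-ee-7a", while the users entries are written as bare hex ("0004e1aa4ac4"), so an exact string match only works once both are in one form. The Python below parses a debug-style attribute dump, normalizes the MAC, and looks it up; the allowlist contents, VLAN ids and function names are assumptions made for illustration.

```python
import re

# Constructed sample: attribute lines in the style of the debug output quoted above.
SAMPLE_REQUEST = """\
  User-Name = "some username"
  NAS-Port = 47
  Called-Station-Id = "00-30-6e-dd-f6-d1"
  Calling-Station-Id = "00-20-e0-6f-ee-7a"
"""

# Constructed allowlist keyed by bare 12-hex-digit MACs (the form used in the
# users entries above), mapped to hypothetical VLAN ids.
ALLOWED = {"0020e06fee7a": "11", "0004e1aa4ac4": "12"}

ATTR_RE = re.compile(r'^\s*([\w:-]+)\s*=\s*"?([^"\n]*)"?\s*$')


def parse_attributes(dump):
    """Parse 'Name = value' lines into a dict (last value wins)."""
    attrs = {}
    for line in dump.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs


def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC."""
    # Accept only hex digits with '-', ':' or '.' separators; anything else
    # (missing attribute, trailing text, wrong length) is rejected outright.
    if not re.fullmatch(r"[0-9A-Fa-f.:-]+", value or ""):
        return None
    digits = re.sub(r"[.:-]", "", value).lower()
    return digits if len(digits) == 12 else None


def lookup_vlan(dump, allowed=ALLOWED):
    """Return the VLAN for the request's Calling-Station-Id, or None to reject."""
    mac = normalize_mac(parse_attributes(dump).get("Calling-Station-Id"))
    return allowed.get(mac) if mac else None


if __name__ == "__main__":
    print(lookup_vlan(SAMPLE_REQUEST))
```

A request with no Calling-Station-Id, or one that does not normalize to exactly 12 hex digits, returns None rather than falling through to a default VLAN.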


Re: Freeradius and MAC Address authenticating

2004-07-30 Thread Bruce A. Friend
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th.

Bruce Friend

