(RADIATOR) How to differentiate between user auth and MAC address auth
Michael Harlow
Michael.Harlow at utas.edu.au
Thu Apr 14 03:43:08 CDT 2005
Hi,
I'm wondering if anyone knows how to differentiate between an access request
from a wireless access point that is part of MAC address authentication for
association, followed by the username authentication as part of TTLS/PAP.
Both requests come from the same NAS client, with the same secret, and both
are access request packets. I need to send the MAC address off to a MySQL
table for checking if it is registered, and usernames through to an LDAP
server.
I have the LDAP/username part working, but I need to add the MAC address
checking as well.
Do I do some sort of fall-through, checking the MySQL table first, then if not
found try the LDAP server? Problem is, if a user were to enter their MAC
address as their username in the 2nd part of the authentication, the
TTLS-PAP would succeed too, by hitting in the MySQL table, and not looking
in the LDAP system. Effectively I create passwordless accounts for each
MAC address that could be used for both access requests.
Any suggestions?
Thanks, Michael
-------------------------------------------------
Michael Harlow Private Bag 69
Network Engineer Hobart Tasmania 7001
IT Resources Ph 03 6226 1812
University of Tasmania Mob 0438 26 1812
Michael.Harlow at utas.edu.au Fx 03 6226 7171
-------------------------------------------------