(RADIATOR) MAC address filtering?

Hugh Irvine hugh at open.com.au
Thu Jan 20 21:43:26 CST 2005


Hello Jim -

You can use cascaded AuthBy clauses like this:

# define AuthBy clauses

<AuthBy FILE>
	Identifier CheckMACAddress
	Filename %D/addresses.mac
	AuthenticateAttribute Calling-Station-Id
</AuthBy>

<AuthBy LDAP2>
	Identifier CheckLDAP
	.....
</AuthBy>

.....

# define Handlers

<Handler ....>
	....
	AuthBy CheckMACAddress
	....
</Handler>


Then the file "addresses.mac" (in your DbDir directory) would contain 
something like this:

# addresses.mac

1.1.1.1.1.1 Auth-Type = CheckLDAP

2.2.2.2.2.2 Auth-Type = CheckLDAP

3.3.3.3.3.3 Auth-Type = CheckLDAP

.....


The above assumes that the MAC address is in the Calling-Station-Id 
attribute in the incoming request.

Also the addresses must be listed exactly as they appear in the 
incoming requests (i.e. replace "1.1.1.1.1.1" etc. with the real MAC 
addresses).

Please let me know how you get on.

regards

Hugh




On 21 Jan 2005, at 07:41, Jim Michael wrote:

> Ok, I'm getting close to my ideal solution with Radiator... have it
> authenticating against our LDAP directory, etc. Now I want to add an
> additional layer of security by having Radiator check the client's MAC
> address against a list of allowed addresses. For now we have so few
> wireless clients that it's not necessary to do a database lookup...
> Radiator simply checking a file on the system for allowed MAC addresses
> would be fine, but I cannot figure out how to do this. What I want is
>
> 1) client tries to get on the WLAN and radiator checks the MAC against
> a list
> 2) If MAC is allowed, go ahead and do the LDAP authentication, if no,
> dump 'em.
>
> Can anyone provide pointers to such a setup?
>
> Jim
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive 
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
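
Because the keys in "addresses.mac" must match Calling-Station-Id exactly as the NAS sends it, this added example (not part of the original post and not Radiator code) rewrites a MAC inventory in the layout of one value observed in a trace. The function names, the sample addresses and the set of separator styles are assumptions; the Auth-Type default mirrors the post.

```python
import re

# Separator styles a NAS may use in Calling-Station-Id (assumed set; confirm
# the real one from a trace 4 log of an incoming request).
STYLES = {
    "colon":  lambda h: ":".join(h[i:i + 2] for i in range(0, 12, 2)),
    "hyphen": lambda h: "-".join(h[i:i + 2] for i in range(0, 12, 2)),
    "cisco":  lambda h: ".".join(h[i:i + 4] for i in range(0, 12, 4)),
    "bare":   lambda h: h,
}

def hex12(mac):
    """Strip separators and return 12 lowercase hex digits, or raise ValueError."""
    h = re.sub(r"[-:.\s]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", h):
        raise ValueError(f"not a MAC address: {mac!r}")
    return h.lower()

def detect_style(sample):
    """Infer (style, uppercase) from one observed Calling-Station-Id value."""
    h = hex12(sample)
    for name, fmt in STYLES.items():
        for upper in (False, True):
            if fmt(h.upper() if upper else h) == sample:
                return name, upper
    raise ValueError(f"unrecognised MAC layout: {sample!r}")

def build_users_file(inventory, sample, auth_type="CheckLDAP"):
    """Return (file text, rejected entries) keyed the way `sample` is written."""
    name, upper = detect_style(sample)
    seen, rejected, lines = set(), [], ["# addresses.mac"]
    for raw in inventory:
        try:
            h = hex12(raw)
        except ValueError:
            rejected.append(raw)      # report, never silently allow-list
            continue
        if h in seen:                 # same card written two ways
            continue
        seen.add(h)
        lines += ["", f"{STYLES[name](h.upper() if upper else h)} Auth-Type = {auth_type}"]
    return "\n".join(lines) + "\n", rejected

# Constructed sample data, not real devices.
INVENTORY = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5f", "00-1a-2b-3c-4d-5e", "not-a-mac"]
OBSERVED = "00-1A-2B-00-00-01"        # constructed Calling-Station-Id from a trace

if __name__ == "__main__":
    text, bad = build_users_file(INVENTORY, OBSERVED)
    print(text, "rejected:", bad)
```

Use an observed value that contains at least one hex letter; an all-digit sample cannot reveal which letter case the NAS sends.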