RADIUS and MAC Address authentication

Home Page Forums Network Management ZeroShell RADIUS and MAC Address authentication

This topic contains 4 replies, has 0 voices, and was last updated by  sbrown 3 years, 10 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #41040

    sbrown
    Member

    Hello,

    I have searched Google and forums here for awhile and I can’t find a good answer to my question.
    In my wireless network we have some client WiFi devices that act as “bridge/router/repeaters” to our WiFi signal. Currently we use WPA-PSK and program the key into each client device. What I would rather do is authorize the device via RADIUS based on the MAC address.

    I have seen some text referring to FreeRadius and MAC addresses, but I have never been able to get that to work quite right – so when I saw this on the Zeroshell page:

    or the less secure authentication of the client MAC Address;

    I was hopeful that I could use this great distro (already using it for captive portal) for MAC address authentication on our APs…

    But – when I test with my laptop, it always wants a username/password/cert… I’ve tried making a new user with the MAC address and the password the same as the shared secret, but no luck there.

    Any ideas?

    Thank you very much,
    Scott

    #46517

    imported_fulvio
    Participant

    By using either FreeRADIUS or another RADIUS server you can use the MAC address authentication by creating an entry in which the username and the password are the mac (without : or – characters) you want authorize. Zeroshell manages the authentication by using Kerberos 5 backend that not allows to set the password equal to the username. For this reason if you want this feature you have to manually add the entry in the file /etc/raddb/users.

    Regards
    Fulvio

    #46518

    shah
    Member

    sbrown… how’s with your settings… is it work for you… need to know how you did it… 😉

    #46519

    Jpearl01
    Member

    Hello,
    We are trying to do the same thing by using free radius to authenticate by MAC address. Our customers Radio units act as transparent bridges so in our case we would like to authenticate by the MAC address of their computer/router. The idea in our situation is to have our billing server hold all of the MAC address and script it out to our Free radius server. Have you been able to get this to work at this point? Or anything similar to this?

    #46520

    ChesterBMW
    Member

    is there anyway to relax the password requirements to allow the password to be the same as the username.

    I am researching Kerberos 5 to figure it out myself but I am not having much luck.

    #46521

    dtmadman
    Member

    @fulvio wrote:

    By using either FreeRADIUS or another RADIUS server you can use the MAC address authentication by creating an entry in which the username and the password are the mac (without : or – characters) you want authorize. Zeroshell manages the authentication by using Kerberos 5 backend that not allows to set the password equal to the username. For this reason if you want this feature you have to manually add the entry in the file /etc/raddb/users.

    Regards
    Fulvio

    Hi Fluivio, I’m using your Zeroshell for six months or more… As I understand right now, If I write an entry in the file users assigning a user and password and mac address as the same, the radius server will allow it? Can you show me an example of that entry? Can it be done to the lan users also?

    Is there a way to link a user to a ip and a mac address? thanks…

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.