www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

RADIUS and MAC Address authentication

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
sbrown



Joined: 29 May 2008
Posts: 1

PostPosted: Thu May 29, 2008 3:16 am    Post subject: RADIUS and MAC Address authentication Reply with quote

Hello,

I have searched Google and forums here for awhile and I can't find a good answer to my question.
In my wireless network we have some client WiFi devices that act as "bridge/router/repeaters" to our WiFi signal. Currently we use WPA-PSK and program the key into each client device. What I would rather do is authorize the device via RADIUS based on the MAC address.

I have seen some text referring to FreeRadius and MAC addresses, but I have never been able to get that to work quite right - so when I saw this on the Zeroshell page:
Quote:
or the less secure authentication of the client MAC Address;



I was hopeful that I could use this great distro (already using it for captive portal) for MAC address authentication on our APs...

But - when I test with my laptop, it always wants a username/password/cert... I've tried making a new user with the MAC address and the password the same as the shared secret, but no luck there.

Any ideas?

Thank you very much,
Scott
Back to top
View user's profile Send private message
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 1069

PostPosted: Thu May 29, 2008 5:27 pm    Post subject: Reply with quote

By using either FreeRADIUS or another RADIUS server you can use the MAC address authentication by creating an entry in which the username and the password are the mac (without : or - characters) you want authorize. Zeroshell manages the authentication by using Kerberos 5 backend that not allows to set the password equal to the username. For this reason if you want this feature you have to manually add the entry in the file /etc/raddb/users.

Regards
Fulvio
Back to top
View user's profile Send private message Send e-mail
shah



Joined: 28 May 2008
Posts: 5

PostPosted: Sun Jun 01, 2008 12:05 pm    Post subject: Reply with quote

sbrown... how's with your settings... is it work for you... need to know how you did it... Wink
Back to top
View user's profile Send private message
Jpearl01



Joined: 26 May 2009
Posts: 1
Location: Michigan

PostPosted: Tue May 26, 2009 2:30 pm    Post subject: Free Radius Reply with quote

Hello,
We are trying to do the same thing by using free radius to authenticate by MAC address. Our customers Radio units act as transparent bridges so in our case we would like to authenticate by the MAC address of their computer/router. The idea in our situation is to have our billing server hold all of the MAC address and script it out to our Free radius server. Have you been able to get this to work at this point? Or anything similar to this?
Back to top
View user's profile Send private message
ChesterBMW



Joined: 06 Jun 2010
Posts: 1

PostPosted: Sun Jun 06, 2010 5:56 pm    Post subject: Kerberos 5 password relax Reply with quote

is there anyway to relax the password requirements to allow the password to be the same as the username.

I am researching Kerberos 5 to figure it out myself but I am not having much luck.
Back to top
View user's profile Send private message
dtmadman



Joined: 17 Jul 2015
Posts: 2

PostPosted: Fri Jul 17, 2015 11:05 pm    Post subject: Can you give me a further explanation? Reply with quote

fulvio wrote:
By using either FreeRADIUS or another RADIUS server you can use the MAC address authentication by creating an entry in which the username and the password are the mac (without : or - characters) you want authorize. Zeroshell manages the authentication by using Kerberos 5 backend that not allows to set the password equal to the username. For this reason if you want this feature you have to manually add the entry in the file /etc/raddb/users.

Regards
Fulvio


Hi Fluivio, I'm using your Zeroshell for six months or more... As I understand right now, If I write an entry in the file users assigning a user and password and mac address as the same, the radius server will allow it? Can you show me an example of that entry? Can it be done to the lan users also?

Is there a way to link a user to a ip and a mac address? thanks...
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group