Discussion:
Authentication either username or mac address
(too old to reply)
Mohammad Mahefooz
2018-12-04 11:36:48 UTC
Permalink
I have searched about this, but couldn't find proper answer. If it has
been already answered kindly share the link. Would like to authenticate
users either with username or specified mac address. Generally we can
authenticate users either when using only username or only mac address
(using mac authentication). But let's say we want to give users the option
of either using username or mac address to login, but count data and
session time on username basis, how to achieve this in freeradius?

- Mohammad
-
List info/subscribe/unsubscribe? See http://www.freeradius.o
Alan DeKok
2018-12-04 13:28:05 UTC
Permalink
Post by Mohammad Mahefooz
I have searched about this, but couldn't find proper answer. If it has
been already answered kindly share the link. Would like to authenticate
users either with username or specified mac address.
If the MAC is in the User-Name attribute, then you're using authenticating by User-Name. FreeRADIUS doesn't care what's *in* the User-Name.
Post by Mohammad Mahefooz
Generally we can
authenticate users either when using only username or only mac address
(using mac authentication). But let's say we want to give users the option
of either using username or mac address to login,
How do you give them that option?
Post by Mohammad Mahefooz
but count data and
session time on username basis, how to achieve this in freeradius?
Is the User-Name in the access-Request packet?

You want to do "something". But you don't know what's in the packets, and you don't really know what you want to do.

So the question is impossible to answer until there's some more detailed information.

Alan DeKok.


-
List info/subscribe/unsubscri
Mohammad Mahefooz
2018-12-04 13:44:31 UTC
Permalink
In radcheck table, if we use email address as value in User-Name
attribute, user can login with his email address as username. In case if we
use MAC as value in User-Name attiribute, user can login using MAC
authentication. As of now, we can use 'only' either value. Requirement is
to enable user to use both. He can login with either email or MAC. Just
found the below solution suggested in one of the forum. Would like to know
if it is feasible?

1 - open this path
/etc/freeradius/sql/mysql/dialup.conf
======================================
2 - search in : authorize_check_query
reblase all query to :

authorize_check_query = "SELECT id, username, attribute, value, op, mac \
FROM ${authcheck_table} \
WHERE username = '%{SQL-User-Name}' and (mac IS NULL or
mac='%{Calling-Station-Id}') \
ORDER BY id"
=====================================
3 - add new colum `mac` in database in `radcheck` table and set him to
`null`
=====================================
4 - add your current user with the password with the two or three mac's
as you want.

- Mohammad
Post by Alan DeKok
Post by Mohammad Mahefooz
I have searched about this, but couldn't find proper answer. If it has
been already answered kindly share the link. Would like to authenticate
users either with username or specified mac address.
If the MAC is in the User-Name attribute, then you're using
authenticating by User-Name. FreeRADIUS doesn't care what's *in* the
User-Name.
Post by Mohammad Mahefooz
Generally we can
authenticate users either when using only username or only mac address
(using mac authentication). But let's say we want to give users the
option
Post by Mohammad Mahefooz
of either using username or mac address to login,
How do you give them that option?
Post by Mohammad Mahefooz
but count data and
session time on username basis, how to achieve this in freeradius?
Is the User-Name in the access-Request packet?
You want to do "something". But you don't know what's in the packets,
and you don't really know what you want to do.
So the question is impossible to answer until there's some more detailed information.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
Alan DeKok
2018-12-04 13:59:24 UTC
Permalink
Post by Mohammad Mahefooz
In radcheck table, if we use email address as value in User-Name
attribute, user can login with his email address as username. In case if we
use MAC as value in User-Name attiribute, user can login using MAC
authentication. As of now, we can use 'only' either value. Requirement is
to enable user to use both. He can login with either email or MAC. Just
found the below solution suggested in one of the forum. Would like to know
if it is feasible?
Well, it doesn't let the user log in with the *User-Name* set to either the name or the MAC address. It lets a user log in with one User-Name, but multiple devices. And, where the MAC address is set automatically in the Calling-Station-Id attribute.

As with anything, you have to define the requirements. Then, the solution usually becomes clear.

If the user logs in with the User-Name set to the MAC address, then you don't know who the real user is.

Again, you're asking for a solution, but you don't really know what you want to do. Define the problem first.

What do you want to allow the user to have in the User-Name attribute?

Is the MAC in the Calling-Station-Id attribute? (LOOK IN THE DEBUG OUTPUT)

etc.

You can't just post a question saying "I want to do stuff", and expect us to come up with a solution. Vague questions get vague answers. Detailed questions get detailed answers.

Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradiu
Mohammad Mahefooz
2018-12-04 14:04:21 UTC
Permalink
Well Alan, I've seen your attitude in this mailing thread when answering
these kind of questions. Anyway I believe I was very clear even with
example, still if you think it's a vague question, let it be. I think there
is no point of coming here for help.

- Mohammad
Post by Alan DeKok
Post by Mohammad Mahefooz
In radcheck table, if we use email address as value in User-Name
attribute, user can login with his email address as username. In case if
we
Post by Mohammad Mahefooz
use MAC as value in User-Name attiribute, user can login using MAC
authentication. As of now, we can use 'only' either value. Requirement is
to enable user to use both. He can login with either email or MAC. Just
found the below solution suggested in one of the forum. Would like to
know
Post by Mohammad Mahefooz
if it is feasible?
Well, it doesn't let the user log in with the *User-Name* set to either
the name or the MAC address. It lets a user log in with one User-Name, but
multiple devices. And, where the MAC address is set automatically in the
Calling-Station-Id attribute.
As with anything, you have to define the requirements. Then, the
solution usually becomes clear.
If the user logs in with the User-Name set to the MAC address, then you
don't know who the real user is.
Again, you're asking for a solution, but you don't really know what you
want to do. Define the problem first.
What do you want to allow the user to have in the User-Name attribute?
Is the MAC in the Calling-Station-Id attribute? (LOOK IN THE DEBUG OUTPUT)
etc.
You can't just post a question saying "I want to do stuff", and expect
us to come up with a solution. Vague questions get vague answers.
Detailed questions get detailed answers.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/use
Alan DeKok
2018-12-04 14:09:01 UTC
Permalink
Post by Mohammad Mahefooz
Well Alan, I've seen your attitude in this mailing thread when answering
these kind of questions. Anyway I believe I was very clear even with
example, still if you think it's a vague question, let it be. I think there
is no point of coming here for help.
If you're going to complain, you will be unsubscribed from the list, and permanently banned.

Follow instructions and get the problem solved, or complain and get banned. Your choice.

Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htm
Loading...