Discussion:
Authentication either username or mac address
Mohammad Mahefooz
2018-12-04 11:36:48 UTC
I have searched about this, but couldn't find a proper answer. If it has
already been answered, kindly share the link. Would like to authenticate
users either with username or specified mac address. Generally we can
authenticate users either when using only username or only mac address
(using mac authentication). But let's say we want to give users the option
of either using username or mac address to login, but count data and
session time on username basis, how to achieve this in freeradius?

- Mohammad
-
List info/subscribe/unsubscribe? See http://www.freeradius.o
Alan DeKok
2018-12-04 13:28:05 UTC
Post by Mohammad Mahefooz
> I have searched about this, but couldn't find a proper answer. If it has
> already been answered, kindly share the link. Would like to authenticate
> users either with username or specified mac address.

If the MAC is in the User-Name attribute, then you're authenticating by User-Name. FreeRADIUS doesn't care what's *in* the User-Name.

Post by Mohammad Mahefooz
> Generally we can
> authenticate users either when using only username or only mac address
> (using mac authentication). But let's say we want to give users the option
> of either using username or mac address to login,

How do you give them that option?

Post by Mohammad Mahefooz
> but count data and
> session time on username basis, how to achieve this in freeradius?

Is the User-Name in the Access-Request packet?

You want to do "something". But you don't know what's in the packets, and you don't really know what you want to do.

So the question is impossible to answer until there's some more detailed information.

Alan DeKok.


Mohammad Mahefooz
2018-12-04 13:44:31 UTC
In radcheck table, if we use email address as value in User-Name
attribute, user can login with his email address as username. In case if we
use MAC as value in User-Name attribute, user can login using MAC
authentication. As of now, we can use 'only' either value. Requirement is
to enable user to use both. He can login with either email or MAC. Just
found the below solution suggested in one of the forums. Would like to know
if it is feasible?

1 - open this path
/etc/freeradius/sql/mysql/dialup.conf
======================================
2 - search in : authorize_check_query
replace all query to :

authorize_check_query = "SELECT id, username, attribute, value, op, mac \
FROM ${authcheck_table} \
WHERE username = '%{SQL-User-Name}' and (mac IS NULL or mac='%{Calling-Station-Id}') \
ORDER BY id"
=====================================
3 - add new column `mac` in database in `radcheck` table and set it to
`null`
=====================================
4 - add your current user with the password with the two or three mac's
as you want.

- Mohammad
Alan DeKok
2018-12-04 13:59:24 UTC
Post by Mohammad Mahefooz
> In radcheck table, if we use email address as value in User-Name
> attribute, user can login with his email address as username. In case if we
> use MAC as value in User-Name attribute, user can login using MAC
> authentication. As of now, we can use 'only' either value. Requirement is
> to enable user to use both. He can login with either email or MAC. Just
> found the below solution suggested in one of the forums. Would like to know
> if it is feasible?

Well, it doesn't let the user log in with the *User-Name* set to either the name or the MAC address. It lets a user log in with one User-Name, but multiple devices. And, where the MAC address is set automatically in the Calling-Station-Id attribute.

As with anything, you have to define the requirements. Then, the solution usually becomes clear.

If the user logs in with the User-Name set to the MAC address, then you don't know who the real user is.

Again, you're asking for a solution, but you don't really know what you want to do. Define the problem first.

What do you want to allow the user to have in the User-Name attribute?

Is the MAC in the Calling-Station-Id attribute? (LOOK IN THE DEBUG OUTPUT)

etc.

You can't just post a question saying "I want to do stuff", and expect us to come up with a solution. Vague questions get vague answers. Detailed questions get detailed answers.

Alan DeKok.
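
The behaviour described in the reply above for the posted query (one User-Name, several devices, MAC taken from Calling-Station-Id), as an added example that is not part of the thread or of FreeRADIUS: it runs the same WHERE clause against a constructed radcheck table in SQLite. The table contents, the MAC format and the helper names `make_db` and `authorize_check` are assumptions.

```python
import sqlite3

# Constructed sample rows. `mac` is the column added in step 3 of the recipe;
# NULL means "any device". Names, passwords and MACs are made up.
SAMPLE_RADCHECK = [
    ("alice@example.org", "Cleartext-Password", ":=", "alice-pw", "AA-BB-CC-00-00-01"),
    ("alice@example.org", "Cleartext-Password", ":=", "alice-pw", "AA-BB-CC-00-00-02"),
    ("bob@example.org", "Cleartext-Password", ":=", "bob-pw", None),
]


def make_db(rows=SAMPLE_RADCHECK):
    """Build an in-memory radcheck table with the extra `mac` column."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT, "
        "attribute TEXT, op TEXT, value TEXT, mac TEXT)"
    )
    db.executemany(
        "INSERT INTO radcheck (username, attribute, op, value, mac) "
        "VALUES (?, ?, ?, ?, ?)",
        rows,
    )
    return db


def authorize_check(db, user_name, calling_station_id):
    """Same WHERE clause as the posted authorize_check_query, with bound
    parameters standing in for %{SQL-User-Name} and %{Calling-Station-Id}."""
    cur = db.execute(
        "SELECT id, username, attribute, value, op, mac FROM radcheck "
        "WHERE username = ? AND (mac IS NULL OR mac = ?) ORDER BY id",
        (user_name, calling_station_id),
    )
    return cur.fetchall()


if __name__ == "__main__":
    db = make_db()
    cases = [
        ("alice@example.org", "AA-BB-CC-00-00-01"),  # known user, listed device
        ("alice@example.org", "AA-BB-CC-00-00-99"),  # known user, unlisted device
        ("bob@example.org", "AA-BB-CC-00-00-99"),    # mac IS NULL: any device
        ("AA-BB-CC-00-00-01", "AA-BB-CC-00-00-01"),  # MAC sent as User-Name
    ]
    for user, mac in cases:
        print(user, mac, "->", len(authorize_check(db, user, mac)), "row(s)")
```

A request whose User-Name is the MAC itself matches no row, so the recipe binds a username to devices and does not provide login by MAC. The comparison is an exact string match, so the stored `mac` must use the format the NAS sends in Calling-Station-Id.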


Mohammad Mahefooz
2018-12-04 14:04:21 UTC
Well Alan, I've seen your attitude in this mailing thread when answering
these kinds of questions. Anyway I believe I was very clear even with
example, still if you think it's a vague question, let it be. I think there
is no point in coming here for help.

- Mohammad
Alan DeKok
2018-12-04 14:09:01 UTC