Re: simple mac-auth

Mikko Husari wrote:
> Hi!
>
> im currently running eap-tls with username and password (from ldap), but
> now we're having a bunch of "stupid" wlan-client machines, and we need
> an simple mac-auth (from ldap?) to the network. basic idea: (example
> from outside world) "so, no certificate and login credentials, cant let
> you in. but im on an vip-list!. Oh, i see, come on in, sorry for
> inconvenience", for now we are happy to get just that to work, next

Most APs will require a separate SSID for this I think - your MAC-auth
one will need to be unauthenticated and the 802.1x one WPA (or whatever)
and the beacon frames will reflect that.

Having said that, assuming your AP can authenticate the MACs against
radius (many can - Ciscos can) then FreeRadius can do it fine, it's very
simple. Do you have a specific question?

> level would be something concerning vlans... i think (in the long run)

Again, provided the AP supports it, easy.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html