
FreeRadius MAC-Authentication

  • 1.  FreeRadius MAC-Authentication

    Posted Dec 28, 2015 03:46 PM

    Hi all,

     

    Has anyone ever done MAC-Authentication using FreeRadius and Aruba over here?

    I spent some time to finally configure freeradius on an Ubuntu VM and have it running + working. I'm currently able to authenticate on my external captive portal which is pointed to my webserver + freeradius for RADIUS auth.

     

    I'm authenticating against a SQL database that I created and it works fine. Since MAC-Auth uses the MAC as a calling-station-id, I'd like to extract this information and store it into my SQL database. Then if a user connects, it will send its MAC and I'd like to verify it against this same database so the users don't have to enter their credentials again (basically same as MAC caching).

     

    Also, I created an entry within my database with my phone's MAC as a username and same for password and it's working. Since I plan to have loads of connections, I want to have this process automated.

    Any idea/procedure on how to achieve this?

    Thanks a lot :)



  • 2.  RE: FreeRadius MAC-Authentication
    Best Answer

    Posted Dec 29, 2015 11:46 PM

    15 hours of work later and dedication, I managed to make it work :)

    Thanks



  • 3.  RE: FreeRadius MAC-Authentication

    Posted Feb 09, 2017 02:12 PM

    I have the exact same scenario to deploy. How did you do that?



  • 4.  RE: FreeRadius MAC-Authentication

    Posted Feb 09, 2017 03:56 PM

    Hi,

     

    It's been a while and I didn't document everything since it was for a personal project, but I can still help.

     

    Here's what I was using to make it work:

     

     

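        # Run the sql module first
        sql
        # Accept when radpostauth already holds a row whose username is this Calling-Station-Id
        if ("%{sql:SELECT COUNT(*) FROM radpostauth WHERE username ='%{Calling-Station-Id}'}" > 0) {
            ok
            update control {
                Auth-Type := Accept
            }
        }
        else {
            reject
        }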

    I'm not an SQL expert so this might not be the optimal/fastest way to achieve it ... but it did the trick for me.

    The idea is that once a user has authenticated successfully, it will be added to radpostauth. Now we verify that if this calling-station-id exists in radpostauth, we authorize it.

     

    This string should be added under the Authorize section of /etc/freeradius/sites-available/conf

     

    HTH
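
An added example, not code from the thread or from FreeRADIUS: the radpostauth lookup described above, reproduced in Python against an in-memory SQLite table and set beside a stricter variant that only counts a recent Access-Accept row for a normalized MAC. The column layout (assumed to follow the stock radpostauth schema), the 7-day lifetime, the function names, the storage of MACs as 12 lowercase hex digits and the sample rows are all assumptions made for the illustration.

```python
import re
import sqlite3
from datetime import datetime, timedelta

CACHE_LIFETIME = timedelta(days=7)          # assumed policy; the thread sets no expiry
SAMPLE_NOW = datetime(2017, 2, 9, 12, 0, 0)  # constructed "current time" for the sample rows

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC."""
    stripped = re.sub(r"[-:.]", "", value.strip())
    return stripped.lower() if re.fullmatch(r"[0-9A-Fa-f]{12}", stripped) else None

def thread_check(db, calling_station_id):
    """The thread's test: any radpostauth row with this username."""
    sql = "SELECT COUNT(*) FROM radpostauth WHERE username = ?"
    return db.execute(sql, (calling_station_id,)).fetchone()[0] > 0

def mac_is_cached(db, calling_station_id, now):
    """Stricter test: a recent Access-Accept row for the normalized MAC."""
    mac = normalize_mac(calling_station_id)
    if mac is None:
        return False  # malformed Calling-Station-Id is never treated as cached
    cutoff = (now - CACHE_LIFETIME).strftime("%Y-%m-%d %H:%M:%S")
    sql = ("SELECT COUNT(*) FROM radpostauth WHERE username = ? "
           "AND reply = 'Access-Accept' AND authdate >= ?")
    return db.execute(sql, (mac, cutoff)).fetchone()[0] > 0

def build_sample_db():
    """Constructed rows in an in-memory table shaped like radpostauth."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radpostauth (id INTEGER PRIMARY KEY, "
               "username TEXT, pass TEXT, reply TEXT, authdate TEXT)")
    rows = [
        ("001122aabbcc", "", "Access-Accept", "2017-02-08 10:00:00"),  # recent accept
        ("001122aabbdd", "", "Access-Reject", "2017-02-08 10:05:00"),  # rejected attempt
        ("001122aabbee", "", "Access-Accept", "2016-12-01 09:00:00"),  # stale accept
    ]
    db.executemany("INSERT INTO radpostauth (username, pass, reply, authdate) "
                   "VALUES (?, ?, ?, ?)", rows)
    return db

if __name__ == "__main__":
    db = build_sample_db()
    for csid in ("00:11:22:AA:BB:CC", "001122aabbdd", "00-11-22-AA-BB-EE"):
        print(csid, thread_check(db, csid), mac_is_cached(db, csid, SAMPLE_NOW))
```

If Access-Reject replies are also logged to radpostauth, the unfiltered COUNT(*) matches a MAC whose only row is a rejected attempt, which is the case the `reply` filter excludes.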