From owner-freebsd-isp@FreeBSD.ORG Fri Sep 12 07:03:15 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB7EE16A4BF for ; Fri, 12 Sep 2003 07:03:15 -0700 (PDT) Received: from omoikane.mb.skyweb.ca (209-5-243-50.mb.skyweb.ca [209.5.243.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id CF10943F3F for ; Fri, 12 Sep 2003 07:03:14 -0700 (PDT) (envelope-from mark@omoikane.mb.skyweb.ca) Received: from omoikane.mb.skyweb.ca (localhost [127.0.0.1]) by omoikane.mb.skyweb.ca (8.12.9/8.12.9) with ESMTP id h8CE3CSo001413; Fri, 12 Sep 2003 09:03:12 -0500 (CDT) (envelope-from mark@omoikane.mb.skyweb.ca) Received: (from mark@localhost) by omoikane.mb.skyweb.ca (8.12.9/8.12.9/Submit) id h8CE3CVL001412; Fri, 12 Sep 2003 09:03:12 -0500 (CDT) Date: Fri, 12 Sep 2003 09:03:12 -0500 From: Mark Johnston To: Martin Jessa Message-ID: <20030912140312.GC1191@omoikane.mb.skyweb.ca> Mail-Followup-To: Martin Jessa , freebsd-isp References: <20030912121235.7defa99d.freebsd@yazzy.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030912121235.7defa99d.freebsd@yazzy.org> User-Agent: Mutt/1.4.1i cc: freebsd-isp Subject: Re: Mac-address based auth with Radius for wlans X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Sep 2003 14:03:16 -0000 Martin Jessa wrote: > I was wondering if it was possible to somehow combine Mac-address > authentication with SQL stored user data, i.e username@domain.com > with some pass will get his MAC-address stored in a database when he > authenticates and then he gets an IP handed out by the Radius server. > Is there any tool that can do that ? If you're willing to do a bit of setup work, I'd try OpenRADIUS (http://www.openradius.net). It's more of a RADIUS framework than a server, in that you create a "behaviour" file, which is basically a script that it runs in order to respond to requests. You can specify an external program to mung the packet at any point, and it handles things like forking, multiple instances, resource management, etc. I've implemented such esoteric things as 3G MILENAGE authentication in it with little trouble. I'm confident that if it can be done with RADIUS, it can be done in OpenRADIUS. :) I haven't run the server under load, but during testing it felt very solid; still, YMMV. I don't think it's available in ports, but it built cleanly on 4.x last I tried. Mark