RADIUS auth by Mac address
dsr at tao.merseine.nu
dsr at tao.merseine.nu
Tue Oct 7 21:56:50 EDT 2003
On Tue, Oct 07, 2003 at 09:09:46PM -0400, ron.peterson at yellowbank.com wrote:
> On Tue, Oct 07, 2003 at 05:16:31PM -0400, josephc at etards.net wrote:
>
> > Does anyone have any experience or docs in setting up a RADIUS server to
> > authenticate a host by it's MAC address?
>
> Yes. I've included a portion of the users file for cistron radius.
> This configuration supports MAC based authentication for Lucent wireless
> access points. Maybe others, but that's what I've tested. (Or is it
> Orinoco? Or Agere? Or Proxim? Or Higgedly Piggedly? I forget.)
So, I'm wondering why you would do this. I regard access points as
insecure pieces of infrastructure, subject to frequent failure and
replacement. Since all encryption has to be done through to the client
anyway, why do [easily spoofable] [unnecessary] auth of the hardware
itself?
(One answer just occurred to me. Are you doing a single-sign-on for
admin rights to the boxes? But it would be better to maintain a single
logon for the box and only manage through scripts or SNMP...)
-dsr-
More information about the Discuss
mailing list