RADIUS auth by Mac address
ron.peterson at yellowbank.com
Tue Oct 7 22:21:32 EDT 2003
On Wed, Oct 08, 2003 at 01:56:50AM +0000, dsr at tao.merseine.nu wrote:
> On Tue, Oct 07, 2003 at 09:09:46PM -0400, ron.peterson at yellowbank.com wrote:
> > On Tue, Oct 07, 2003 at 05:16:31PM -0400, josephc at etards.net wrote:
> >
> > > Does anyone have any experience or docs in setting up a RADIUS server to
> > > authenticate a host by its MAC address?
> >
> > Yes. I've included a portion of the users file for cistron radius.
> > This configuration supports MAC based authentication for Lucent wireless
> > access points. Maybe others, but that's what I've tested. (Or is it
> > Orinoco? Or Agere? Or Proxim? Or Higgedly Piggedly? I forget.)
>
> So, I'm wondering why you would do this. I regard access points as
> insecure pieces of infrastructure, subject to frequent failure and
> replacement. Since all encryption has to be done through to the client
> anyway, why do [easily spoofable] [unnecessary] auth of the hardware
> itself?
>
> (One answer just occurred to me. Are you doing a single-sign-on for
> admin rights to the boxes? But it would be better to maintain a single
> logon for the box and only manage through scripts or SNMP...)
It's not Fort Knox security, but it can prevent casual
(intentional/inadvertent) use of public access points by non-campus
people. We know everyone's MAC address because we have a netreg-like
setup.
--
Ron Peterson -o)
87 Taylor Street /\\
Granby, MA 01033 _\_v
https://www.yellowbank.com/ ----