Freeradius username, pass + mac auth with mikrotik nas

EMOziko · August 23, 2010, 6:52pm

Hello i have freeradius2 server on my centos and mikrotik as NAS. I am using username + password auth method. But I need to add MAC method too.
I want Radius server checks username, password and MAC addresses at the same time when the user authenticate.
Anyone have experience with this? How can i do this?

fewi · August 24, 2010, 3:56pm

The RADIUS server is informed of the MAC address via the Calling-Station-Id attribute, so you just need to adjust the query it runs to also include it as a parameter.

microsystem · August 21, 2015, 10:44pm

1 - open this path
/etc/freeradius/sql/mysql/dialup.conf

2 - search in : authorize_check_query
reblase all query to :

authorize_check_query = "SELECT id, username, attribute, value, op, mac
FROM ${authcheck_table}
WHERE username = '%{SQL-User-Name}' and (mac IS NULL or mac='%{Calling-Station-Id}')
ORDER BY id"

3 - add new colum `mac` in database in `radcheck` table and set him to `null`

4 - add your current user with the bassword with the two or three mac's
as you want.

Freeradius username, pass + mac auth with mikrotik nas

1 - open this path /etc/freeradius/sql/mysql/dialup.conf

authorize_check_query = "SELECT id, username, attribute, value, op, mac FROM ${authcheck_table} WHERE username = '%{SQL-User-Name}' and (mac IS NULL or mac='%{Calling-Station-Id}') ORDER BY id"

3 - add new colum mac in database in radcheck table and set him to null

1 - open this path
/etc/freeradius/sql/mysql/dialup.conf

authorize_check_query = "SELECT id, username, attribute, value, op, mac
FROM ${authcheck_table}
WHERE username = '%{SQL-User-Name}' and (mac IS NULL or mac='%{Calling-Station-Id}')
ORDER BY id"

3 - add new colum `mac` in database in `radcheck` table and set him to `null`