This is a step-by-step guide to setting up a RADIUS server with MAC-Auth. If you follow it, I assure you that you will not get errors. First of all, open the interface of your access point and configure it to authenticate via RADIUS: give it the IP address of the RADIUS server you are about to build and a shared key (the shared key must be the same on the access point and the RADIUS server). The operating system used here is OpenBSD 5.1 and the FreeRADIUS version is 2.1.12.
(Perform all actions as root.)
Install FreeRADIUS:
# pkg_add freeradius-2.1.12.tgz
##########
# radiusd -X
This will show "Ready to process requests" at the end. Press Ctrl+C.
Now,
# cd /etc/raddb/
# nano clients.conf
client <ip of your access point> {
        secret = yourShareds3cret
        shortname = airport
        nastype = other
}
SAVE & EXIT
# mv modules/files modules/files.bak
# nano modules/files
files authorized_macs {
        # The default key attribute to use for matches.  The content
        # of this attribute is used to match the "name" of the
        # entry.
        key = "%{Calling-Station-ID}"
        usersfile = ${confdir}/authorized_macs
        # If you want to use the old Cistron 'users' file
        # with FreeRADIUS, you should change the next line
        # to 'compat = cistron'.  You can then copy your 'users'
        # file from Cistron.
        compat = no
}
SAVE & EXIT
# nano authorized_macs
<MAC address of client (laptop)>
        Reply-Message = "Device with MAC Address %{Calling-Station-Id} authorized for network access"
SAVE & EXIT
# mv sites-available/default sites-available/default.bak
# nano sites-available/default
authorize {
        preprocess
        # if cleaning up the Calling-Station-Id...
        rewrite.called_station_id
        # now check against the authorized_macs file
        authorized_macs
        if (!ok) {
                reject
        }
        else {
                # accept
                update control {
                        Auth-Type := Accept
                }
        }
}
SAVE & EXIT
# radiusd -X
This will show "Ready to process requests".
This means you have not encountered any errors. Now try to connect your laptop or any other Wi-Fi device to the access point, but make sure that the MAC address of the device is in the users and the authorized_macs files. When you try to connect your client (laptop), you will see Calling-Station-Id = "00-FF-00-FF-00-FF" in the radiusd -X output; that should be the MAC address of the client you want to authenticate.
Now add the MAC addresses of the devices you want to connect to the network to the authorized_macs file.
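The authorized_macs lookup compares the entry name with Calling-Station-Id as a plain string, so each entry has to be written in the same form the access point sends (00-FF-00-FF-00-FF in the output above). The shell functions below are an added example, not part of the original guide: they assume that upper-case, dash-separated form, and the names normalize_mac and make_entries are hypothetical. They turn a list of MAC addresses in mixed notations into authorized_macs entries and skip anything that is not a valid MAC.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes the access point
# sends Calling-Station-Id as upper-case hex octets separated by dashes.

# normalize_mac: print MAC $1 as XX-XX-XX-XX-XX-XX.
# Returns 1 if the input is not exactly 12 hex digits once the usual
# separators (':', '.', '-') are removed.
normalize_mac() {
    hex=$(printf '%s' "$1" | tr -d ':.-' | tr 'a-f' 'A-F')
    case "$hex" in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#hex}" -eq 12 ] || return 1
    printf '%s\n' "$hex" | sed 's/\(..\)/\1-/g; s/-$//'
}

# make_entries: read one MAC per line on stdin and write entries in the
# authorized_macs format used in this guide. Invalid lines are reported
# on stderr and left out of the output.
make_entries() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if mac=$(normalize_mac "$line"); then
            printf '%s\n\tReply-Message = "Device with MAC Address %%{Calling-Station-Id} authorized for network access"\n\n' "$mac"
        else
            printf 'skipping invalid MAC: %s\n' "$line" >&2
        fi
    done
}

# Constructed sample input: two notations of valid MACs and one bad line.
printf '%s\n' '00:ff:00:ff:00:ff' '0a1b.2c3d.4e5f' 'not-a-mac' | make_entries
```

Redirect the output of make_entries into a scratch file and review it before copying the entries into /etc/raddb/authorized_macs.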
Additionally, you may get errors such as "can't find /var/run/radiusd.radius.sock or we do not own /var/run/radiusd/radiusd.sock".
If you get such an error, create a folder named radiusd in /var/run/ and make sure that "_freeradius" owns it. The command for this is "chown -R _freeradius:_freeradius /var/run/radiusd/".
All the best and remember
Do not try this at home!!!