Mac-address based auth with Radius for wlans

Mark Johnston mjohnston at
Fri Sep 12 07:03:16 PDT 2003

Martin Jessa <freebsd at> wrote:
> I was wondering if it was possible to somehow combine Mac-address
> authentication with SQL stored user data, i.e username at
> with some pass will get his MAC-address stored in a database when he
> authenticates and then he gets an IP handed out by the Radius server.
> Is there any tool that can do that ?

If you're willing to do a bit of setup work, I'd try OpenRADIUS
(  It's more of a RADIUS framework than a
server, in that you create a "behaviour" file, which is basically a script
that it runs in order to respond to requests.  You can specify an external
program to mung the packet at any point, and it handles things like
forking, multiple instances, resource management, etc.  I've implemented
such esoteric things as 3G MILENAGE authentication in it with little
trouble.  I'm confident that if it can be done with RADIUS, it can be done
in OpenRADIUS. :)

I haven't run the server under load, but during testing it felt very
solid; still, YMMV.

I don't think it's available in ports, but it built cleanly on 4.x last
I tried.


More information about the freebsd-isp mailing list