ipfw plus authentication???
freebsd at meijome.net
Tue Apr 4 13:52:26 UTC 2006
On Mon, 3 Apr 2006 00:34:49 -0700 (PDT)
Mark Jayson Alvarez <jay2xra at yahoo.com> wrote:
> I am looking for ways to manage our LAN by having each user register
> their IP address, MAC address, workstation OS, etc. in our LDAP
> directory. Now in our pcrouter, the user will first send his login
> credentials to the pcrouter, and then the pcrouter will check against
> LDAP if this login is correct, and if it is, then it will do an
> ldapsearch/compare operation to see if the source address (IP/MAC) of
> the user trying to gain network access indeed belongs to that
> user. Only then will the ipfw ruleset be changed to allow traffic
> originating from this source address...
Something like a captured portal for wireless? (Is that what they were
called? :D ) I like the idea, though.

BTW, why will you be trying to lock down by IP/MAC... you need to make
sure the users can't change this at their end...

Why do the users set their own IP? DHCP....

I remember reading somewhere about authentication at the DHCP level...
from memory, with managed switches and disabling the port via SNMP (for
a period) if there was something askew.
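The check sequence described in the quoted question (credentials first, then the registered IP/MAC comparison, then the ipfw change), sketched as an added example that is not part of the original thread. The in-memory directory, the RFC 2307 attribute names `ipHostNumber`/`macAddress`, the table number and the function names are assumptions; the LDAP bind result is passed in as a boolean.

```python
import ipaddress
import re

IPFW_TABLE = 1  # assumed table number, referenced by a static rule such as
                # "ipfw add allow ip from table(1) to any"

# Constructed stand-in for the LDAP entries (attribute names assumed).
DIRECTORY = {
    "alice": {"ipHostNumber": "192.168.10.21", "macAddress": "00-11-22-AA-BB-CC"},
    "bob":   {"ipHostNumber": "192.168.10.22", "macAddress": "00:11:22:dd:ee:ff"},
}

def norm_mac(mac):
    """Return a MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", mac.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def norm_ip(ip):
    """Return the canonical IPv4 string, or None if malformed."""
    try:
        return str(ipaddress.IPv4Address(ip.strip()))
    except ValueError:
        return None

def grant(user, bind_ok, seen_ip, seen_mac, directory=DIRECTORY):
    """Decide whether to open the firewall for one login.

    bind_ok           -- result of the LDAP bind with the user's credentials
    seen_ip, seen_mac -- what the router observed (packet source, ARP table),
                         not values typed in by the client
    Returns the ipfw argv to execute, or None to deny.
    """
    entry = directory.get(user)
    ip, mac = norm_ip(seen_ip), norm_mac(seen_mac)
    if not bind_ok or entry is None or ip is None or mac is None:
        return None
    reg_ip = norm_ip(entry["ipHostNumber"])
    reg_mac = norm_mac(entry["macAddress"])
    # Both observed identifiers must equal the ones registered for this user.
    if reg_ip is None or reg_mac is None or (ip, mac) != (reg_ip, reg_mac):
        return None
    # argv list for subprocess without a shell; ip was re-serialised above,
    # so no client-controlled text reaches the command line.
    return ["ipfw", "table", str(IPFW_TABLE), "add", ip]
```

A matching pair only shows that the observed identifiers are the registered ones; as the reply notes, it does not stop a user from changing them at their end.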