OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: BrianW on January 21, 2019, 09:24:30 pm

Title: MAC Authentication via RADIUS
Post by: BrianW on January 21, 2019, 09:24:30 pm
I am running OPNsense 18.7.10-amd64.

I would like to authenticate users with MAC address via RADIUS or roll to a capture page if not authenticated.

Can this be done with OPNsense? Can someone point me in the right direction?

Thanks,

Brian
Title: Re: MAC Authentication via RADIUS
Post by: mimugmail on January 22, 2019, 06:03:24 am
Username and password have to be the Mac address
Title: Re: MAC Authentication via RADIUS
Post by: BrianW on January 22, 2019, 04:27:52 pm
Thanks. I've gotten this far. If I use the default captive portal, I can key in the MAC address in the username field and it authenticates, but I do not want users to see this screen if their device has previously been authenticated.

Ideally, an authenticated device gets immediate Internet access. They should never see the captive portal. If it is not authenticated, they are redirected to my website where they can purchase service or authenticate with an activation code provided when they purchased service. This adds their MAC address to the RADIUS server.

Thanks,

Brian

Title: Re: MAC Authentication via RADIUS
Post by: mimugmail on January 22, 2019, 04:52:14 pm
Mac via Radius is 802.1x which is different to CP auth where you can exclude Mac via a list
Title: Re: MAC Authentication via RADIUS
Post by: BrianW on January 22, 2019, 08:57:30 pm
Thank you.

What I would like to happen is for OPNsense to check my RADIUS server with the MAC address of the device.

If not authenticated, redirect to our portal for sign up / activation.

I can use CP to redirect to our portal, but how do I tell OPNsense to check our RADIUS server first before invoking the CP.

Thanks,

Brian
Title: Re: MAC Authentication via RADIUS
Post by: mimugmail on January 22, 2019, 09:50:00 pm
Mac based auth (802.1X) is in theory the same as mac whitelist via CP.
Why don't you just set up CP and whitelist known mac addresses? Where is the difference to Radius?
Title: Re: MAC Authentication via RADIUS
Post by: BrianW on January 22, 2019, 10:36:29 pm
That may work...

Thank you for your assistance.