Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
IP or MAC to a specific user
« previous
next »
Print
Pages: [
1
]
Author
Topic: IP or MAC to a specific user (Read 968 times)
andre2000
Newbie
Posts: 31
Karma: 2
IP or MAC to a specific user
«
on:
December 02, 2023, 08:37:29 am »
Hi,
I am looking to improve the reporting and filtering by attributing connections (from specific IP Addresses, MACs) to users. Through setting up several restrictions I can be relatively sure that a user (device) always has the same IP MAC and IP address in order to access the LAN or internet.
For the first step I would like the Zenarmor reports to include a username, which according to their documentation (
https://www.zenarmor.com/docs/guides/user-based-filtering-using-opnsense-captive-portal
) would work when using the captive portal. I would like to avoid the users to have to go through an additional authentication, when they are able to connect to WLAN and obtain an IP address it's enough.
Is there another way (except RADIUS or LDAP, which I think will require auth as well) to attribute usernames to IP addresses?
Logged
bartjsmit
Hero Member
Posts: 2016
Karma: 194
Re: IP or MAC to a specific user
«
Reply #1 on:
December 02, 2023, 10:49:48 am »
MAC addresses are not as fixed as they once were. Various OS vendors use random addresses to avoid tracking. Your best bet is user authentication.
Logged
andre2000
Newbie
Posts: 31
Karma: 2
Re: IP or MAC to a specific user
«
Reply #2 on:
December 02, 2023, 09:43:26 pm »
You are right in general. However, for my non-guest wlans all MAC are known and whitelisted. Change your MAC = no wifi access.
Logged
knebb
Full Member
Posts: 126
Karma: 4
Re: IP or MAC to a specific user
«
Reply #3 on:
December 03, 2023, 10:00:22 am »
Well,
as far as I remember Radius does not require an authorization every time when connecting. Mean, once configured you connect to the WLAN without the need of giving credentials every time.
Instead you configure it once and the credentials are stored on the client. Which it re-uses them wwhen conneting.
But I have to statE: I am not sure about this. Check serveral Radius-Howtos on the Internet.
/KNEBB
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
IP or MAC to a specific user