IP or MAC to a specific user

[andre2000]

Hi,
I am looking to improve the reporting and filtering by attributing connections (from specific IP Addresses, MACs) to users. Through setting up several restrictions I can be relatively sure that a user (device) always has the same IP MAC and IP address in order to access the LAN or internet.

For the first step I would like the Zenarmor reports to include a username, which according to their documentation (https://www.zenarmor.com/docs/guides/user-based-filtering-using-opnsense-captive-portal) would work when using the captive portal. I would like to avoid the users to have to go through an additional authentication, when they are able to connect to WLAN and obtain an IP address it's enough.

Is there another way (except RADIUS or LDAP, which I think will require auth as well) to attribute usernames to IP addresses?

[bartjsmit]

MAC addresses are not as fixed as they once were. Various OS vendors use random addresses to avoid tracking. Your best bet is user authentication.

[andre2000]

You are right in general. However, for my non-guest wlans all MAC are known and whitelisted. Change your MAC = no wifi access.

[knebb]

Well,

as far as I remember Radius does not require an authorization every time when connecting. Mean, once configured you connect to the WLAN without the need of giving credentials every time.

Instead you configure it once and the credentials are stored on the client. Which it re-uses them wwhen conneting.

But I have to statE: I am not sure about this. Check serveral Radius-Howtos on the Internet.

/KNEBB