Mailinglist Archive: opensuse (4237 mails)

< Previous Next >
RE: [SLE] MAC address authentication
  • From: "nhaas" <nhaas@xxxxxxxxxxxxx>
  • Date: Wed, 11 Aug 2004 11:00:33 -0700
  • Message-id: <001501c47fcd$1a840760$da00fe0a@xxxxxxxxxxxx>
Thank you for the reply we really don't have anything in place yet. It is
just a wish to get this in place by the 30th before the students get back to
school. This would save a lot of time by not having the students use a
signup form...

Neal Haas
Fresno Pacific University


-----Original Message-----
From: Danny Sauer [mailto:suse-linux-e.suselists@xxxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, August 11, 2004 9:51 AM
To: SuSE List
Subject: Re: [SLE] MAC address authentication

nhaas wrote regarding '[SLE] MAC address authentication' on Tue, Aug 10 at
17:48:
> Hi All;
>
> I am trying to make an authentication server. We are a campus that
requires
> a MAC address in a database to use the web.
>
> Is there a way so that when a new computer is added to our network that
they
> can be sent to a web page that grabs the MAC address (got this one with
PHP)
> They have to put in there Name and Room Number (PHP, MYSQL) and saves it
to
> a data base. Once they have done this it gives them access to the
internet.
> Via proxy or something like this? Then every time afterwards it lets them
go
> out because it knows the MAC address.
>
> Is there something that is created like this already?

Can the web server see the DHCP server's log file (or is there a DHCP
server at all)? If it can, then just look through the log file for the
MAC associated with the conencting IP (you can get the IP in PHP) and
stick that in the DB. If you're on the same network segment, you could
just run a system call to "/sbin/arp" on the php machine - assuming
it's an OS which woudl have /sbin/arp - to get the MAC address from the
IP address.

Is the proxy already in place, or is that something else that "will be"
set up as part of this? If it's not already in place, you could do some
more access control using iptables rules built from a database, and use
something like a fake DNS server with a wildcard entry to direct everything
to a registration web server until an address was in the database. This'd
be a bit more work to set up (though, not much), and would give you the
ability to restrict all outgoing traffic without messing with proxies,
etc.

--Danny

--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx





< Previous Next >
Follow Ups
References