nhaas wrote regarding '[SLE] MAC address authentication' on Tue, Aug 10 at 17:48:
Hi All;
I am trying to make an authentication server. We are a campus that requires a MAC address in a database to use the web.
Is there a way so that when a new computer is added to our network that they can be sent to a web page that grabs the MAC address (got this one with PHP) They have to put in there Name and Room Number (PHP, MYSQL) and saves it to a data base. Once they have done this it gives them access to the internet. Via proxy or something like this? Then every time afterwards it lets them go out because it knows the MAC address.
Is there something that is created like this already?
Can the web server see the DHCP server's log file (or is there a DHCP server at all)? If it can, then just look through the log file for the MAC associated with the conencting IP (you can get the IP in PHP) and stick that in the DB. If you're on the same network segment, you could just run a system call to "/sbin/arp" on the php machine - assuming it's an OS which woudl have /sbin/arp - to get the MAC address from the IP address. Is the proxy already in place, or is that something else that "will be" set up as part of this? If it's not already in place, you could do some more access control using iptables rules built from a database, and use something like a fake DNS server with a wildcard entry to direct everything to a registration web server until an address was in the database. This'd be a bit more work to set up (though, not much), and would give you the ability to restrict all outgoing traffic without messing with proxies, etc. --Danny