2017-02-27 - Re: Lock login to mac-address

Header Data

From: Hotspotuser <jo***s@algardata.pt>
Message Hash: a451f6a6adc672756db16af8ea6070e7368876381fb6df837d58d2be9352deb7
Message ID: <137c0580-3669-4ab5-8d42-c7766a348307@grasehotspot.org>
Reply To: <CAASt=XRwPm71gWwyRUQM2Q_VQd2O8FBZOsKtgUPbJG8uSSF71w@mail.gmail.com>
UTC Datetime: 2017-02-27 04:47:30 UTC
Raw Date: Mon, 27 Feb 2017 03:47:30 -0800

Raw message 

You can do it outside of GRASE.

Here's my first thoughts:

Use FREERADIUS policy to do what you want...

Freeradius authorizes or denies autentication to users, so it seems the 
quickest way to do what you want :)

You have to change policy to check the username/password login request not 
only but also cross that username with the radius.radacct table to check if 
the mac address is the same of the 'first'/last session, if true authorize, 
if not refuse.

For me the workflow is this one. Out of my head, implementation details 
might change.

sábado, 25 de Fevereiro de 2017 às 18:12:55 UTC, Reflex INKY escreveu:
>
> Hi Tim,
>
> I had written before about a feature that I think would be useful. You had 
> given some guidelines and  I was trying to implement it myself without 
> success. What I would like to do is have an option to lock login to 
> mac-address similar to simultaneous logins. The way this would work is on 
> the first login the user mac-address would be associated with that login 
> and would not allow the user to login from another device. Do you think 
> that would be possible?
>
> Regards
>

Thread