Re: MAC Address filtering
From: James McIllece [MS] (jamesmci_at_online.microsoft.com)
Date: 07/09/04
- Previous message: James McIllece [MS]: "Re: IAS Athentication via ODBC"
- In reply to: Mike: "MAC Address filtering"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 09 Jul 2004 12:34:38 -0700
"Mike" <anonymous@discussions.microsoft.com> wrote in
news:24db301c46056$25267db0$a601280a@phx.gbl:
> Is there a step by step guide to using mac addresses in
> the radius server to authenticate wireless clients. I
> have heard a lot about this and have searched the ms web
> site and cant seem to find anything.
>
Here is some information from the IAS Technical Reference found at
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techr
ef/en-
us/Default.asp?url=/resources/documentation/windowsServ/2003/all/techref/en
-us/w2k3tr_ias_how.asp
This information is from the Tech Ref section "How IAS works":
MAC address authorization
Media Access Control (MAC) address authorization functions in the same way
as ANI authorization, but it is used for wireless clients and clients
connecting to your network by using an 802.1X authenticating switch.
MAC address authorization is based on the MAC address of the network
adapter installed in the user’s client computer. Like ANI authorization,
MAC address authorization uses the Calling-Station-ID attribute instead of
user name and password or certificate-based credentials to identify the
user during the connection attempt.
MAC address authorization is performed when the user does not type in any
user name or password, and refuses to use any valid authentication method.
In this case, IAS receives Calling-Station-ID, and no user name and
password. To support MAC address authorization, the Active Directory must
have user accounts with MAC addresses as user names.
MAC address authorization is enabled when you do the following:
Enable MAC address authorization on access servers (such as wireless APs).
Enable unauthenticated access on the appropriate remote access policy for
MAC address-based authentication, and enable PAP.
Create a user account for each MAC address for which you want to provide
MAC address authorization. The name of the user account must match the MAC
address of the network adapter installed in the computer that the user is
connecting from. The user account password must be set to the RADIUS shared
secret used between the RADIUS client (such as an AP) and the IAS server.
Set the User Identity Attribute registry value to 31 on the authenticating
server.
To always use the MAC address as the user identity, set the Override User-
Name registry value to 1 on the IAS server.
-- James McIllece, Microsoft Please do not send email directly to this alias. This is my online account name for newsgroup participation only. This posting is provided "AS IS" with no warranties, and confers no rights.
- Previous message: James McIllece [MS]: "Re: IAS Athentication via ODBC"
- In reply to: Mike: "MAC Address filtering"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
