LinuxQuestions.org
Old 11-22-2010, 08:22 PM   #1
markotitel
Member
 
Registered: Feb 2009
Location: Titel - Serbia
Posts: 155

Rep: Reputation: 18
How can I authenticate ethernet users before they use network


Hello,

Is there any solution for authentication of ethernet users?

Something similar to daloradius for wifi.

I don't want to use PPPoE. Is there any way to connect daloradius with a DHCP server, so that when a certain MAC address asks for an IP, daloradius will first look if it is allowed?

Thanks
 
Old 11-23-2010, 03:54 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776
I see a lot of suggestions for Squid Proxy as a solution to restrict Internet usage. It sounds like you would rather prevent them from even connecting to your network, in which case you could whitelist your DHCP list, or use an ACL on a switch or router if you have one that supports it. Restricting the DHCP could possibly be bypassed by simply setting an IP rather than requesting one be assigned.
 
Old 11-23-2010, 05:42 AM   #3
nowonmai
Member
 
Registered: Jun 2003
Posts: 481

Rep: Reputation: 47
You could arrange dhcpd to only hand out static leases, and have iptables dynamically allow connections from the allocated IPs and block everything else.
Unfortunately, this would be very time-critical, as the DHCP-ACK packet will contain the source address just handed out.
 
Old 11-23-2010, 09:16 PM   #4
markotitel
Member
 
Registered: Feb 2009
Location: Titel - Serbia
Posts: 155

Original Poster
Rep: Reputation: 18
Thanks for the answers, I already use a proxy and static DHCP.

Now I want to set up daloradius for my users. For wireless it is OK, but I don't know how to solve authentication for ethernet users.
 
Old 11-25-2010, 09:21 AM   #5
JFNash
LQ Newbie
 
Registered: Nov 2010
Posts: 5

Rep: Reputation: 1
Quote:
Originally Posted by markotitel
Thanks for the answers, I already use a proxy and static DHCP.

Now I want to set up daloradius for my users. For wireless it is OK, but I don't know how to solve authentication for ethernet users.

I use FreeRadius with ChilliSpot and they're fantastic.
 
Old 11-28-2010, 07:07 AM   #6
markotitel
Member
 
Registered: Feb 2009
Location: Titel - Serbia
Posts: 155

Original Poster
Rep: Reputation: 18
Can you control ethernet users? Exclude PPP type of connections. I want to control ethernet users by MAC address, and if the MAC is acceptable, then give them an IP from the DHCP server.
 
Old 11-28-2010, 08:22 AM   #7
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Have you considered using iptables to allow only specific MACs to use your server? Like (example):
Code:
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
iptables -A INPUT -m mac --mac-source YY:YY:YY:YY:YY:YY -j ACCEPT
iptables -A INPUT -m mac --mac-source ZZ:ZZ:ZZ:ZZ:ZZ:ZZ -j ACCEPT
iptables -A INPUT -j DROP
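
The static-lease idea from post #3 and the MAC filter from post #7 can be generated from a single allow list. The script below is an added example, not code posted by anyone in the thread; it goes slightly beyond the posted rules by binding each MAC to its leased IP and limiting the final DROP to one interface. The interface name `eth1`, the file format, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one allow list -> dhcpd host entries + iptables rules (printed, not applied).
LAN_IF="${LAN_IF:-eth1}"   # assumption: interface facing the wired clients

# Constructed sample data (name MAC IP); placeholder addresses, not from the thread.
sample_allowlist() {
cat <<'EOF'
# name   mac                ip
alice    00:16:3e:aa:bb:01  192.168.10.11
bob      00:16:3E:AA:BB:02  192.168.10.12
broken   00:16:3e:aa:bb     192.168.10.13
EOF
}

# Pass through only well-formed entries as "name mac ip" (MAC lower-cased).
valid_entries() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        h = "[0-9a-f][0-9a-f]"
        mac_re = "^" h ":" h ":" h ":" h ":" h ":" h "$"
        mac = tolower($2)
        if (NF == 3 && mac ~ mac_re && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            print $1, mac, $3
        else
            print "skipping malformed line: " $0 > "/dev/stderr"
    }'
}

# Static leases for dhcpd.conf: each known MAC always gets the same IP.
dhcpd_hosts() {
    valid_entries | while read -r name mac ip; do
        printf 'host %s { hardware ethernet %s; fixed-address %s; }\n' "$name" "$mac" "$ip"
    done
}

# Filter rules: DHCP from known MACs, other traffic only when IP and MAC match the lease.
iptables_rules() {
    chain="${1:-INPUT}"
    valid_entries | while read -r name mac ip; do
        printf 'iptables -A %s -i %s -p udp --sport 68 --dport 67 -m mac --mac-source %s -j ACCEPT\n' "$chain" "$LAN_IF" "$mac"
        printf 'iptables -A %s -i %s -s %s -m mac --mac-source %s -j ACCEPT\n' "$chain" "$LAN_IF" "$ip" "$mac"
    done
    printf 'iptables -A %s -i %s -j DROP\n' "$chain" "$LAN_IF"
}

sample_allowlist | dhcpd_hosts
sample_allowlist | iptables_rules INPUT
```

Because the leases are static, the IP-to-MAC pairs are known in advance and the rules can be loaded before any client connects. MAC and IP are both set by the client, so this filters by identifier rather than authenticating the user; 802.1x, suggested later in the thread, is the authenticated option.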
 
Old 11-28-2010, 09:53 PM   #8
markotitel
Member
 
Registered: Feb 2009
Location: Titel - Serbia
Posts: 155

Original Poster
Rep: Reputation: 18
There is no problem blocking some MAC or some user, but I want to do it with daloradius.
 
Old 11-29-2010, 08:03 PM   #9
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 116
If your hardware supports it, use 802.1x. It's designed for authentication of clients.
 
Old 11-30-2010, 02:35 AM   #10
markotitel
Member
 
Registered: Feb 2009
Location: Titel - Serbia
Posts: 155

Original Poster
Rep: Reputation: 18
Hello,

I see there is no easy solution, because Windows clients have a problem with this type of auth. Ah, never mind, I'll find some other way for eth users.

Thank you
 
Old 11-30-2010, 06:14 AM   #11
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 428

Rep: Reputation: 65
As Matir has said, 802.1x is a way to authenticate users. 802.1x was designed to do the same things you are looking for.
 
Old 12-01-2010, 12:59 AM   #12
markotitel
Member
 
Registered: Feb 2009
Location: Titel - Serbia
Posts: 155

Original Poster
Rep: Reputation: 18
As I said, Windows has problems with 802.1x.
 
  



Tags
authentication, dhcp


All times are GMT -5.
