Date: Tue, 4 Apr 2006 23:52:22 +1000
From: Norberto Meijome <freebsd@meijome.net>
To: Mark Jayson Alvarez <jay2xra@yahoo.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw plus authentication???
Message-ID: <20060404235222.3664b960@localhost>
In-Reply-To: <20060403073449.1238.qmail@web51602.mail.yahoo.com>
References: <20060403073449.1238.qmail@web51602.mail.yahoo.com>

On Mon, 3 Apr 2006 00:34:49 -0700 (PDT)
Mark Jayson Alvarez <jay2xra@yahoo.com> wrote:

> I am looking for ways to manage our LAN by having each user register
> their ipaddress, mac address, workstation os, etc. in our ldap
> directory. Now in our pcrouter, the users will first send his login
> credentials to the pcrouter, and then the pcrouter will check against
> ldap if this login is correct, and if it is, then it will now do an
> ldapsearch/compare operation to see if the source address (ip/mac) of
> the user trying to gain network access is indeed belongs to that
> user. Only then, the ipfw ruleset will be changed to allow traffic
> originating from this source address...

Something like a captured portal for wireless? (is that what they were
called? :D )

I like the idea though

btw, why you will be trying to lock down by ip/mac... you need to make
sure the users can't change this at their end... Why do the users set
their own IP? dhcp....

I remember reading somewhere about authentication at the DHCP level...
from memory, with managed switches and disabling the port via snmp (for a
period) if there was something askew.

B