This module enables a MAC-based centralized authorization server for you to control network access (i.e., what devices can connect the network). In order for this to work, you must set and configure one or more intermediate devices known as Network Access Server (NAS), then connect users (also known as "supplicants") through them. Finally, you must configure the centralized authorization server to accept authorization requests sent from these NAS devices (e.g., access points, smart switches, etc.). See FreeRADIUS Technical Guide.
This module doesn't implement authentication, nor accounting right now.
This module helps you reduce the configuration the centralized authorization server needs but it doesn't help you configure NAS devices in your network. So you must configure these devices yourself before enjoy a successful centralized authorization infrastructure.
In normal operation, the system administrator does the following:
Use NethServer FreeRADIUS module to configure what NAS will be able to interact with the authorization server. See
Configure each NAS so as to send authorization request to the centralized authorization server (e.g., the system administrator must specify the authorization server IP, port number and related secret in each device intended to work as NAS).
Use NethServer DHCP module to reserve IP addresses and so, define what MAC will be authorized to access the network as well (i.e., only the MAC address that has been reserved in NethServer DHCP module will have authorized network access by the authorization server). See
For example, consider local wireless communities made of Nano Station devices in which one line of these devices is configured as access points and the rest of them as client stations. The access points are also configured to validate MAC addresses against a RADIUS authorization server running NethServer, FreeRADIUS and this module.
This module is in a very raw stage and might sure have errors. One of them is that MAC-based authorization doesn't provide too much security by its own (e.g., unauthorized users can clone the MAC address of authorized users and get network access as such). However, by doing so, the module provides a start-base code (and, hopefully, some motivation) for NethServer community to look forward sophisticated FreeRADIUS integration features like EAP authentication and accounting.