IAS authentication by MAC address - cannot enter MAC in Caller-ID field

  • Thread starter: Raymond Jean

Raymond Jean

We are in the process of securing Ethernet access for our students
accessing the network through wired ports.

At this point, things are working fine - we have our 3Com 3C3300
switches set up to authenticate users to a RADIUS server (IAS).
Authorized users are members of a group within AD which is permitted
access to the network and are granted dial-in access. They are
challenged for their userid and password, and once authentication is
done by the IAS server, the Ethernet port on the switch is enabled and
off they go.

Before deploying this to our students, we wish to go one final step -
to require that the device they are authenticating with has a MAC
address which is registered with the RADIUS server.

I am led to believe that this can be done by entering the MAC address
in the Caller-ID field of the UserID. This way, we can associate MAC
addresses with users in case we find security issues and can identify
the wayward computer.

When I try to enter a MAC address in the Caller-ID field, I receive
the error:

"Dial-in profile changes were not saved because: Member not found"

I have googled and Technetted and found nothing.

Can anyone suggest:

a) Why I cannot enter a MAC address in the Caller-ID field of the
Dial-In tab of the User,

or

b) An alternate method to require that a user's MAC address match one
somewhere in AD so we are authenticating hardware as well as user?

Much obliged for any thoughts. Students return Friday.

Raymond Jean
Tulane Law School
 
Never mind. If I try to enter the MAC at the actual IAS server
console, it works fine. Just fails when I use remote desktop to try
the same thing.

Won't bother to figure out why that is...
 