WiFi & Mac address authentication

brainstorm braincode at gmail.com
Wed Apr 12 15:32:55 CEST 2006


Solved the problem a couple of weeks ago... the error was actually in
eap.conf, the following two attributes were required when the MAC
check was active:

peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no

I set them both to yes and it worked !

Thanks for your support.

>
> Hmm. I still say you need to read and understand the docs, but try this:
>
>      passwd MAC-IP {
>                 filename = ${raddbdir}/MAC-IP
>                 format = "*Calling-Station-Id:"
>                 delimiter = ":"
>          }
>
> (...)
>
> authorize {
>      preprocess
>      MAC-IP {
>          # If the MAC isn't in the file, the modules returns notfound
>          # in that case, exit "authorize" with reject immediately
>          notfound = reject
>      }
>      files
>      eap
> }
>
> That is, have no authtype on the "passwd" module. If that doesn't work,
> you may try something like:
>
>      passwd MAC-IP {
>                 filename = ${raddbdir}/MAC-IP
>                 format = "*Calling-Station-Id:~Group"
>                 delimiter = ":"
>          }
>
> (...)
>
> authorize {
>      preprocess
>      MAC-IP
>      files
>      eap
> }
>
> /etc/raddb/MAC-IP:
>
> 00-11-22-33-44-55:FAKEGROUP
> aa-bb-cc-dd-ee-ff:FAKEGROUP
>
> /etc/raddb/users:

The DEFAULT Group is no longer necessary to make it work.

> DEFAULT Group !* ANY, Auth-Type := Reject
>
> user1 NT-Password := abcdefg...
>
> user2 NT-Password := abcdefg...
> -




More information about the Freeradius-Users mailing list