Two networks: WEP+MAC Filtering and WPA(PEAP)
Ivan Kalik
tnt at kalik.net
Thu Feb 28 14:08:10 CET 2008
>
>rad_recv: Access-Request packet from host 10.10.10.139:6001, id=7,
>length=115
>
> User-Name = "00-18-de-4e-8f-1d"
>
> User-Password = "secret"
>
> NAS-IP-Address = x.x.x.139
>
> Called-Station-Id = "00-20-a6-64-66-a3:A"
>
> Calling-Station-Id = "00-18-de-4e-8f-1d"
>
> NAS-Port = 2
>
> NAS-Port-Type = Wireless-802.11
>
>I have this entry in my users file :
>
>00-18-de-4e-8f-1d Auth-Type:=Local, User-Password == "secret"
>
>
>
>Is this correct(right) way to control MAC addresses thought radius?
>
This will work fine considering that mac address will not be used for
mschap eap etc. Correct way is not to use Auth-Type and use
Cleartext-Password with := as operator (if this is a recent Freeradius
version).
>
>
>Another question is : what is correct way to separate two types(MAC&PEAP) of
>requests to radius server?
>
There is nothing to do. mac auth wil be a pap request (like the one you
posted) and peap will be an eap request. So, your AP will do that for
you.
>
>
>At this moment I have situation when my MAC request tries to authorize
>thought LDAP and only afterward looks in users file.
>
Upgrade to 2.0.2. Than you can process pap and eap requests differently.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list