Problem with MAC authorization..(again)
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Fri Aug 14 12:28:03 CEST 2009
On 14/08/2009 07:57, Alan DeKok wrote:
> Sunardo Panjaitan wrote:
>
>> This the output of radiusd -X :
>> rad_recv: Access-Request packet from host 10.1.0.6 port 1024, id=5, length=139
> ...
>> EAP-Message = 0x0201000501
> ...
>> Found Auth-Type = Accept
>> Auth-Type = Accept, accepting the user
>
> You can't do that for EAP. It might work sometimes, but not regularly.
Indeed.
>
> And if you do that, you need to return an EAP-Success in the
> Access-Accept.
>
>> But the client can't connect.Anybody can help me???
>
> You're short-circuiting an EAP exchange, which really won't work.
>
The examples were meant for pure RADIUS based mac-auth. If you're using EAP, you really want mac-authz.
Please advise on what EAP method you're using PEAP/TTLS etc... and we may be able to help you further.
Manufacturing accepts will work with some eap methods such as EAP-MD5 and EAP-TTLS-PAP. But not with methods such as EAP-TTLS-MSCHAPv2 or EAP-PEAP.
Regards,
Arran
--
Arran Cudbard-Bell <A.Cudbard-Bell at sussex.ac.uk>,
Systems Administrator (AAA),
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
More information about the Freeradius-Users
mailing list