FR Using MAC Authentication

Alan DeKok aland at deployingradius.com
Fri May 8 17:45:49 CEST 2009


Steve Wu wrote:
> I want my wireless clients to do MAC authentication via the FR box. I
> have setup my users file to auth two of my test laptops:
> 
> 000E35-84610A Auth-Type := Local, User-Password == "esradius"
> 00215C-08B25D Auth-Type := Local, User-Password == "esradius"

  Those entries are wrong, even in 1.1.7.  You should use:


000E35-84610A Cleartext-Password := "000E35-84610A"
...


> When either tries to connect up, in the FR debug I see:
> 
> rad_recv: Access-Request packet from host 10.10.18.241:2160, id=7, length=53
>         User-Name = "00215c-08b25d"
>         User-Password = "00215c-08b25d"

  Which doesn't match the password you put into the "users" file.

> Why is the User-Password the MAC address and not what is specified in
> the users file? I have only tweaked the users and clients.conf files.

  Maybe you're not clear on what's happening.  The *NAS* is sending the
packet containing that User-Password attribute.  The RADIUS server has
no control over that.

  The RADIUS server is supposed to look at that password, and see if
it's valid.  The configuration I showed above will tell the server to do
that.

  Alan DeKok.



More information about the Freeradius-Users mailing list