Checking MAC address with rlm_sql

Glen Harris astfgl at
Thu Apr 5 10:01:11 CEST 2012

On 04/04/12 18:34, Fajar A. Nugraha wrote:
> @Glen, can you try testing with simple PAP? This is to isolate
> EAP-related problem.
> You probably need to use radclient to manually add Calling-Station-Id
> attribute to the request. Look at the end of "radtest" program (which
> is a shell script) to see an example how to use radclient.
I've just tried with radclient:

echo "User-Name = user01, Password = pass01, Calling-Station-Id = 
98-4B-4A-F5-BF-40" | radclient -s localhost:1812 auth testing123

successfully authenticates the user using rlm_sql and pap. Changing the 
MAC to a different value fails the SQL query and authentication as expected.

Going back to the access point, I can now understand that the failure is 
happening inside the inner-tunnel virtual server. First the authorize 
section is called which does the SQL query but can't match the user, 
then the authenticate section which fails because there's no password set.

5 minutes of googling later I found a pointer to copy_request_to_tunnel 
in the peap section of eap.conf and my client devices started 

Many thanks to everyone who helped.

Regards, glen.

More information about the Freeradius-Users mailing list