Plain Mac-Auth - server accepts but client does not connect

[Matthew Newton]

On Mon, Jan 04, 2016 at 10:38:24PM +0000, Michael Linder wrote:
> When I attempt to join the network from the phone, I am prompted
> for 802.1X credentials.  If I type no credentials, the server
> won't handle the request at all.  If I type something into one
> or both of the credentials fields, the server handles the
> request and displays "Auth-Type = Accept, accepting the user"
> and "Sending Access-Accept of id 7 to 216.54.247.198 port
> 58063", but my phone does not join the network.

You can't do plain MAC auth with wireless - you must use EAP.

You could check mac address as well (but really, these days it's
probably not worth it), but not on its own.

If you want to authenticate the device then EAP-TLS is the way to
go. But at least it won't break when the devices decide to change
their MAC addresses, as so many are starting to do randomly these
days.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>