Plain Mac-Auth - server accepts but client does not connect

[Munroe Sollog]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 01/04/2016 05:56 PM, Matthew Newton wrote:
> On Mon, Jan 04, 2016 at 10:38:24PM +0000, Michael Linder wrote:
>> When I attempt to join the network from the phone, I am prompted for 802.1X credentials.  If
>> I type no credentials, the server won't handle the request at all.  If I type something into
>> one or both of the credentials fields, the server handles the request and displays "Auth-Type
>> = Accept, accepting the user" and "Sending Access-Accept of id 7 to 216.54.247.198 port 
>> 58063", but my phone does not join the network.
> 
> You can't do plain MAC auth with wireless - you must use EAP.
> 
> You could check mac address as well (but really, these days it's probably not worth it), but
> not on its own.
> 
> If you want to authenticate the device then EAP-TLS is the way to go. But at least it won't
> break when the devices decide to change their MAC addresses, as so many are starting to do
> randomly these days.
> 
> Matthew
> 
> 

I'm curious about your assertion.  I'm just starting to deploy FreeRADIUS in order to do mac auth
for a wireless network (Aruba), and I've been following:

http://wiki.freeradius.org/guide/mac-auth#plain-mac-auth

which seems to contradict your claim.  I'm curious if I am misunderstanding something.



- -- 
Munroe Sollog
LTS - Network Analyst
x85002
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWlWhYAAoJEPbbZiWCKDVCBoIH/2m4ZyrHnKfEPDjcziqV3D5U
cVEtbD+Xbqh+LjNjAaPGlKsJsrQwHV4MTregZOM2DmDc2PopOYfRKFyuTNA3yqLG
pLxFY9919Q349//6NVNuOcgcHKMyYtXQxnYH1FySbNIKfihbV2C1UeK+hn3OqFXl
/2Fihry0t1rEBkSaJos2Pd3JGOxr8wFiNHG8Lb6MAjNTE5kqROyn23pjN6IKtnR2
m4V3H8zOpc9lEdXFK1jpSFfnk7TG7HhAGDVKlglJFRH0CoyAs9McJJW0IdmXYZO8
vl0GDqQllAfSLnYflhr94bB6HUQDX01pQZnLxdGWwC/2T7ysKIWsfTNxWCh+pyU=
=Tw6K
-----END PGP SIGNATURE-----