Plain Mac-Auth - server accepts but client does not connect
Munroe Sollog
mus3 at lehigh.edu
Tue Jan 12 22:47:25 CET 2016
On 01/12/2016 04:43 PM, Arran Cudbard-Bell wrote:
>
>> That means that FreeRadius can't be used at all to allow devices that don't support EAP
>> (smart TVs, wireless sensors, etc) to join any SSID? Is the wiki wrong or am I missing the
>> clarification in the documentation?
>
> Mac-Auth can be used to authorize users for open wireless networks, or networks wireless
> secured by a PSK.
>
> It doesn't generate keying material so can't be used for WPA[2]-Enterprise
>
> -Arran
>
I see what you're saying. I've been reading this thread from last year:
http://lists.freeradius.org/pipermail/freeradius-users/2015-January/075146.html
And this seems to be what people do, or at least how vendors are implementing radius-backed
mac-auth in their hardware.
TL;DR, the NAS generates an EAP-MD5 packet with the MAC address as the username and password.
> Arran Cudbard-Bell <a.cudbardb at freeradius.org> FreeRADIUS development team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
>
>
> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Munroe Sollog
LTS - Network Analyst
x85002
More information about the Freeradius-Users
mailing list