BYOD and base on MAC

Alan DeKok aland at deployingradius.com
Wed Jan 31 21:22:15 CET 2018


On Jan 31, 2018, at 3:16 PM, Luc Paulin <paulinster at gmail.com> wrote:
> 
> Great thanx Alan, I agree that mac can be easilly spoofed, but the goal
> here is mainly to move the user's device to another vlan than corp and not
> doing authentication. We may eventually move to EAP-TLS, but this is at
> least a first step.
> 
> Yes I check the format and it's exacly the same ... Here's the output of
> the debug section for authorized_mac.
> 
> =======
> <------ LINES BEFORE REWRITE_CALLING_STATION_ID REMOVED --->

  Including deleting the "authorized_mac" config...
> 
> And here's the authorized_macs file content
> [root at radius-corp-01_{{PROD}} raddb]# cat authorized_macs
> 18-65-90-CB-4C-69
> Reply-Message = "Device with MAC Address %{Calling-Station-Id} authorized
> for network access"

  What the heck is that?

  You can't just invent a configuration file format and use it.  You MUST read the docs.

  So.. what is the "authorized_macs" module?  How did you configure it?  Why do you think that putting random things into it will make it do what you want?

  Alan DeKok.




More information about the Freeradius-Users mailing list