<div dir="ltr"><div><div><div>Hi again.<br><br></div>Matthew, you are rigth, i have no Access-Accept.<br><br></div>I have this response:<br><br>Fri Jun 21 14:18:02 2013 : Info: [authorized_macs] expand: Device with MAC Address %{Calling-Station-Id} authorized for network access -> Device with MAC Address 98-0c-82-b5-00-f2 authorized for network access<br>
Fri Jun 21 14:18:02 2013 : Info: +++[authorized_macs] returns ok<br>Fri Jun 21 14:18:02 2013 : Info: +++? if (!ok)<br>Fri Jun 21 14:18:02 2013 : Info: ? Evaluating !(ok) -> FALSE<br>Fri Jun 21 14:18:02 2013 : Info: +++? if (!ok) -> FALSE<br>
Fri Jun 21 14:18:02 2013 : Info: +++- entering else else {...}<br>Fri Jun 21 14:18:02 2013 : Info: ++++[control] returns ok<br>Fri Jun 21 14:18:02 2013 : Info: +++- else else returns ok<br>Fri Jun 21 14:18:02 2013 : Info: ++- if (EAP-Message) returns ok<br>
Fri Jun 21 14:18:02 2013 : Info: ++ ... skipping else for request 1: Preceding "if" was taken<br>Fri Jun 21 14:18:02 2013 : Info: Found Auth-Type = Accept<br>Fri Jun 21 14:18:02 2013 : Info: Auth-Type = Accept, accepting the user<br>
Fri Jun 21 14:18:02 2013 : Info: # Executing section post-auth from file /etc/raddb/sites-enabled/default<br>Fri Jun 21 14:18:02 2013 : Info: +- entering group post-auth {...}<br>Fri Jun 21 14:18:02 2013 : Info: [reply_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://192.168.202.252/reply-detail-20130621">192.168.202.252/reply-detail-20130621</a><br>
Fri Jun 21 14:18:02 2013 : Info: [reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://192.168.202.252/reply-detail-20130621">192.168.202.252/reply-detail-20130621</a><br>
Fri Jun 21 14:18:02 2013 : Info: [reply_log] expand: %t -> Fri Jun 21 14:18:02 2013<br>Fri Jun 21 14:18:02 2013 : Info: ++[reply_log] returns ok<br>Fri Jun 21 14:18:02 2013 : Info: [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://192.168.202.252/auth-detail-20130621">192.168.202.252/auth-detail-20130621</a><br>
Fri Jun 21 14:18:02 2013 : Info: [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://192.168.202.252/auth-detail-20130621">192.168.202.252/auth-detail-20130621</a><br>
Fri Jun 21 14:18:02 2013 : Info: [auth_log] expand: %t -> Fri Jun 21 14:18:02 2013<br>Fri Jun 21 14:18:02 2013 : Info: ++[auth_log] returns ok<br>Fri Jun 21 14:18:02 2013 : Info: ++[exec] returns noop<br>Sending Access-Accept of id 129 to 192.168.202.252 port 35856<br>
Reply-Message = "Device with MAC Address 98-0c-82-b5-00-f2 authorized for network access"<br>Fri Jun 21 14:18:02 2013 : Info: Finished request 1.<br><br></div>I have follow this configuration: <a href="http://wiki.freeradius.org/guide/Mac%20Auth#raddb/sites-available/default">http://wiki.freeradius.org/guide/Mac%20Auth#raddb/sites-available/default</a><br>
<br><pre> authorized_macs
if (!ok) {
reject
}
else {
# accept
update control {
Auth-Type := Accept
}
}
}</pre>But i have no conection.<br><br>Thank you.<br><div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/6/21 Matthew Newton <span dir="ltr"><<a href="mailto:mcn4@leicester.ac.uk" target="_blank">mcn4@leicester.ac.uk</a>></span><br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="im">On Fri, Jun 21, 2013 at 01:23:28PM +0200, Roberto Ortega Ramiro wrote:<br>
> Hello, I have configured freeradius for accept one host conection over host<br>
> mac address<br>
<br>
</div>On the assumtion this is an instantation of 'files', then the<br>
format for the file would be<br>
<br>
98-0c-82-b5-00-f2 Auth-Type := Accept<br>
<br>
> NAS-Port-Type = Wireless-802.11<br>
<div class="im">> Connect-Info = "CONNECT 802.11g"<br>
> EAP-Message = 0x02010010016c756e612e20626f726a61<br>
<br>
</div>However, you can't do MAC address authentication with a plain<br>
'Access-Accept' when you're doing EAP, so this isn't going to<br>
work anyway. The client won't see the Accept (this goes to the<br>
NAS) and will disconnect without an EAP Success.<br>
<br>
You probably want EAP-TLS if you want host (rather than user)<br>
based authentication on wireless.<br>
<span class=""><font color="#888888"><br></font></span></blockquote><div><br><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class=""><font color="#888888">
Matthew<br>
<br>
<br>
--<br>
Matthew Newton, Ph.D. <<a href="mailto:mcn4@le.ac.uk">mcn4@le.ac.uk</a>><br>
<br>
Systems Specialist, Infrastructure Services,<br>
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom<br>
<br>
For IT help contact helpdesk extn. 2253, <<a href="mailto:ithelp@le.ac.uk">ithelp@le.ac.uk</a>><br>
</font></span><div class=""><div class="h5">-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr"><span style="font-family:arial;font-size:small">-- </span><br style="font-family:arial;font-size:small"><span style="font-family:arial;font-size:small">Un saludo.</span><br style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">____________________</span><br style="font-family:arial;font-size:small"><br style="font-family:arial;font-size:small"><span style="font-family:arial;font-size:small">Roberto Ortega</span><br style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">Profesor de Informática.</span><br style="font-family:arial;font-size:small"><a href="http://www.proyectoret.es/" style="color:rgb(17,85,204);font-family:arial;font-size:small" target="_blank">http://www.proyectoret.es</a><br style="font-family:arial;font-size:small">
<br style="font-family:arial;font-size:small"><span style="font-family:arial;font-size:small">Escuelas San José Valencia</span><br style="font-family:arial;font-size:small"><span style="font-family:arial;font-size:small">Avd.Cortes Valencianas nº1</span><br style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">46015 Valencia</span><br style="font-family:arial;font-size:small"><span style="font-family:arial;font-size:small">R4600489A</span><br style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">Tf:963499011 ext. 262</span><br style="font-family:arial;font-size:small"><span style="font-family:arial;font-size:small">Fax:963488835</span><br style="font-family:arial;font-size:small">
<a href="http://www.escuelassj.com/" style="color:rgb(17,85,204);font-family:arial;font-size:small" target="_blank">http://www.escuelassj.com</a><br style="font-family:arial;font-size:small"><br style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">No imprimas este correo si no es necesario. Protejamos el medio ambiente.</span><br></div>
</div></div></div>