i personally think that it's completely useless. implementing EAP or MAC authentication, meaning that one of both would work, is a huge security hole and requiring both is useless since EAP authentication implicitly filters away everything unauthenticated... (even if i understand that might be necessary for current WiFi phones, etc., please be aware that under linux you can actually change the MAC address with one command...) ciao artur On 6/13/05, Alan DeKok <aland@ox.org> wrote:
"Jefri bin Dahari" <jeff@mimos.my> wrote:
I plan to implement simultaneous MAC+EAP authentication for my wireless users. From my observation, Freeradius can only do either MAC or EAP but not MAC and EAP authentication. Can somebody gives me some hints on how to do that?
It can do both. EAP is authentication, MAC checking isn't really authentication.
What are you seeing in RADIUS packets, and what do you want to happen?
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html