On 01/12/2016 04:43 PM, Arran Cudbard-Bell wrote:
That means that FreeRadius can't be used at all to allow devices that don't support EAP (smart TVs, wireless sensors, etc) to join any SSID? Is the wiki wrong or am I missing the clarification in the documentation?
Mac-Auth can be used to authorize users for open wireless networks, or networks wireless secured by a PSK.
It doesn't generate keying material so can't be used for WPA[2]-Enterprise
-Arran
I see what you're saying. I've been reading this thread from last year: http://lists.freeradius.org/pipermail/freeradius-users/2015-January/075146.h... And this seems to be what people do, or at least how vendors are implementing radius-backed mac-auth in their hardware. TL;DR, the NAS generates an EAP-MD5 packet with the MAC address as the username and password.
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Munroe Sollog LTS - Network Analyst x85002