On Jan 31, 2018, at 3:16 PM, Luc Paulin <paulinster@gmail.com> wrote:
Great thanx Alan, I agree that mac can be easilly spoofed, but the goal here is mainly to move the user's device to another vlan than corp and not doing authentication. We may eventually move to EAP-TLS, but this is at least a first step.
Yes I check the format and it's exacly the same ... Here's the output of the debug section for authorized_mac.
======= <------ LINES BEFORE REWRITE_CALLING_STATION_ID REMOVED --->
Including deleting the "authorized_mac" config...
And here's the authorized_macs file content [root@radius-corp-01_{{PROD}} raddb]# cat authorized_macs 18-65-90-CB-4C-69 Reply-Message = "Device with MAC Address %{Calling-Station-Id} authorized for network access"
What the heck is that? You can't just invent a configuration file format and use it. You MUST read the docs. So.. what is the "authorized_macs" module? How did you configure it? Why do you think that putting random things into it will make it do what you want? Alan DeKok.