12 Jan
2016
12 Jan
'16
6:38 p.m.
On Jan 12, 2016, at 4:47 PM, Munroe Sollog <mus3@lehigh.edu> wrote:
I see what you're saying. I've been reading this thread from last year:
http://lists.freeradius.org/pipermail/freeradius-users/2015-January/075146.h...
And this seems to be what people do, or at least how vendors are implementing radius-backed mac-auth in their hardware.
They do MAC auth only when there's no EAP, and no Macsec.
TL;DR, the NAS generates an EAP-MD5 packet with the MAC address as the username and password.
That's still Mac auth. It does NOT work for wireless. Alan DeKok.