MAC address auth is not 2FA because it's not an extra factor. It's more like a second password that can easily be read, sniffed of captured. It doesn't really add any security as MAC spoofing is as old as ethernet. But if you want to do it because someone demands it, read this: https://wiki.freeradius.org/guide/mac-auth Op zo 24 dec. 2023 18:10 schreef Marco Gaiarin <gaio@lilliput.linux.it>:
A consultant in a session speak about 'MAC address authentication', using Unifi APs/management software, and describing it a '2FA'.
If i understood well, enabling a specific options:
https://help.ui.com/hc/en-us/articles/115004589707-RADIUS-Based-MAC-Authenti...
i can connect suppicant to the network (via WPA2/3-Personal, so a shared secret) and then do a second-step authorization using radius, but where account are in the form 'AABBCCDDEEFF' (uppercase MAC address) and password is identical to the user.
This seems '0,5FA': 0,5 for a shared passwod, 0 for account where password is identical to username.
But effectivaly i found in google some setups like that, that really i don't understand. Someone have some clue?
This seems to me real 2FA...
https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy
Thanks.
-- Vendere no, non passa tra i miei rischi, non comprate i miei dischi e sputatemi addosso. (F. Guccini)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html