I'm trying to have a WiFi client to be authenticated in the OPEN+MAC method The AP is already known as a client of the Freeradius and any other form of Radius authentication i tried worked so far (WPA, WPA2)
I'm using PEAP and the clients are Windows XP (if it makes any difference)
I created a new user with the MAC address of the client as the user and password :
(this is a none internet connected client)
###this is for OPEN+MAC AUTH 00C0CA32A157 Cleartext-Password := "00C0CA32A157" #######
and i keep getting this error when it's trying to get the IP from the DHCP
Listening on authentication address * port 1812
Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.10.10.3 port 55965, id=5, length=128
User-Name = "00c0ca32a157" User-Password = "00c0ca32a157" Calling-Station-Id = "00-C0-CA-32-A1-57" NAS-IP-Address = 10.10.10.3 Called-Station-Id = "00-18-25-02-11-D2:103-mac"
Service-Type = Framed-User NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Framed-MTU = 1400 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...}
++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "00c0ca32a157", looking up realm NULL [suffix] No such realm "NULL"
++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 00c0ca32a157 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds
Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 5 to 10.10.10.3 port 55965 Waking up in 4.9 seconds. Cleaning up request 0 ID 5 with timestamp +12
Ready to process requests.
what am i missing? or (however unlikely) freeradius does not support this type of authentication any more?