Solved the problem a couple of weeks ago... the error was actually in eap.conf, the following two attributes were required when the MAC check was active: peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no I set them both to yes and it worked ! Thanks for your support.
Hmm. I still say you need to read and understand the docs, but try this:
passwd MAC-IP { filename = ${raddbdir}/MAC-IP format = "*Calling-Station-Id:" delimiter = ":" }
(...)
authorize { preprocess MAC-IP { # If the MAC isn't in the file, the modules returns notfound # in that case, exit "authorize" with reject immediately notfound = reject } files eap }
That is, have no authtype on the "passwd" module. If that doesn't work, you may try something like:
passwd MAC-IP { filename = ${raddbdir}/MAC-IP format = "*Calling-Station-Id:~Group" delimiter = ":" }
(...)
authorize { preprocess MAC-IP files eap }
/etc/raddb/MAC-IP:
00-11-22-33-44-55:FAKEGROUP aa-bb-cc-dd-ee-ff:FAKEGROUP
/etc/raddb/users:
The DEFAULT Group is no longer necessary to make it work.
DEFAULT Group !* ANY, Auth-Type := Reject
user1 NT-Password := abcdefg...
user2 NT-Password := abcdefg... -