Hello masters! I'm trying to use a freeradius server 3 (running on CentOS7) with my ruckus AP (model R610). I followed this wiki article, specifically this two topics below to configure it properly: https://wiki.freeradius.org/guide/mac-auth#plain-mac-auth https://wiki.freeradius.org/guide/mac-auth#additional-modifications_mac-auth... I'm trying to log to my WLAN with my phone. It's MAC is already in the "authorized_macs" file (/etc/raddb/authorized_macs), and the server is receiving it's requests. I can see my phone's MAC Address, my AP MAC Address, the AP SSID, and some other stuff. Problem is, I still get rejected. For more than three days I've been trying to make it work like that, but still no progress, so I thought it was better to consult the experts. Here's the output of the radiusd -X command. I put the line numbers so it would be easier to locate or reference something. The first "reject" I get is on line 72: 1 (0) Received Access-Request Id 47 from 10.85.0.222:40680 to 10.85.2.46:1812 length 197 2 (0) User-Name = "70-4d-7b-53-cb-38" 3 (0) User-Password = "70-4d-7b-53-cb-38" 4 (0) Calling-Station-Id = "70-4D-7B-53-CB-38" 5 (0) NAS-IP-Address = 10.85.0.222 6 (0) Called-Station-Id = "90-3A-72-65-47-AC:PMJG-AD-ACC" 7 (0) Service-Type = Framed-User 8 (0) NAS-Port-Type = Wireless-802.11 9 (0) NAS-Identifier = "90-3A-72-65-47-AC" 10 (0) Ruckus-SSID = "PMJG-AD-ACC" 11 (0) Message-Authenticator = 0x5d564ee23f2090acd3bc2002e4b8a23b 12 (0) # Executing section authorize from file /etc/raddb/sites-enabled/default 13 (0) authorize { 14 (0) policy filter_username { 15 (0) if (&User-Name) { 16 (0) if (&User-Name) -> TRUE 17 (0) if (&User-Name) { 18 (0) if (&User-Name =~ / /) { 19 (0) if (&User-Name =~ / /) -> FALSE 20 (0) if (&User-Name =~ /@[^@]*@/ ) { 21 (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE 22 (0) if (&User-Name =~ /\.\./ ) { 23 (0) if (&User-Name =~ /\.\./ ) -> FALSE 24 (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { 25 (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE 26 (0) if (&User-Name =~ /\.$/) { 27 (0) if (&User-Name =~ /\.$/) -> FALSE 28 (0) if (&User-Name =~ /@\./) { 29 (0) if (&User-Name =~ /@\./) -> FALSE 30 (0) } # if (&User-Name) = notfound 31 (0) } # policy filter_username = notfound 32 (0) policy rewrite_called_station_id { 33 (0) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) { 34 (0) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) -> TRUE 35 (0) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) { 36 (0) update request { 37 (0) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} 38 (0) --> 90-3A-72-65-47-AC 39 (0) &Called-Station-Id := 90-3A-72-65-47-AC 40 (0) } # update request = noop 41 (0) if ("%{8}") { 42 (0) EXPAND %{8} 43 (0) --> PMJG-AD-ACC 44 (0) if ("%{8}") -> TRUE 45 (0) if ("%{8}") { 46 (0) update request { 47 (0) EXPAND %{8} 48 (0) --> PMJG-AD-ACC 49 (0) &Called-Station-SSID := PMJG-AD-ACC 50 (0) } # update request = noop 51 (0) } # if ("%{8}") = noop 52 (0) [updated] = updated 53 (0) } # if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) = updated 54 (0) ... skipping else: Preceding "if" was taken 55 (0) } # policy rewrite_called_station_id = updated 56 (0) policy rewrite_calling_station_id { 57 (0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { 58 (0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE 59 (0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { 60 (0) update request { 61 (0) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} 62 (0) --> 70-4D-7B-53-CB-38 63 (0) &Calling-Station-Id := 70-4D-7B-53-CB-38 64 (0) } # update request = noop 65 (0) [updated] = updated 66 (0) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated 67 (0) ... skipping else: Preceding "if" was taken 68 (0) } # policy rewrite_calling_station_id = updated 69 (0) if (!ok) { 70 (0) if (!ok) -> TRUE 71 (0) if (!ok) { 72 (0) [reject] = reject 73 (0) } # if (!ok) = reject 74 (0) } # authorize = reject 75 (0) Using Post-Auth-Type Reject 76 (0) # Executing group from file /etc/raddb/sites-enabled/default 77 (0) Post-Auth-Type REJECT { 78 (0) attr_filter.access_reject: EXPAND %{User-Name} 79 (0) attr_filter.access_reject: --> 70-4d-7b-53-cb-38 80 (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 81 (0) [attr_filter.access_reject] = updated 82 (0) [eap] = noop 83 (0) policy remove_reply_message_if_eap { 84 (0) if (&reply:EAP-Message && &reply:Reply-Message) { 85 (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE 86 (0) else { 87 (0) [noop] = noop 88 (0) } # else = noop 89 (0) } # policy remove_reply_message_if_eap = noop 90 (0) } # Post-Auth-Type REJECT = updated 91 (0) Delaying response for 1.000000 seconds 92 Waking up in 0.3 seconds. 93 Waking up in 0.6 seconds. 94 (0) Sending delayed response 95 (0) Sent Access-Reject Id 47 from 10.85.2.46:1812 to 10.85.0.222:40680 length 20 96 Waking up in 3.9 seconds. 97 (0) Cleaning up request packet ID 47 with timestamp +11 Greetings, -- Victor B. C.