21 Apr
2015
21 Apr
'15
9:16 p.m.
2015-04-21 23:00 GMT+02:00 Brendan Kearney <bpk678@gmail.com>:
my switch (cisco sg500) will identify that a client does not support .1x and will provide the mac address as the username and password in an EAP message. because it is an EAP message, i can leverage the Calling-Station-Id attribute, and distinguish user auth vs. mac auth bypass with the "if (EAP-Message)" statement.
So the only difference between a user/pass access-request package and one for mac bypass is just that the mac bypass contains the mac address as the username and password? If so, why don't you add a "user" for these mac addresses into your ldap just like you did with real users?