I guess I was too quick to call it, and it looks like the problem is still on the NAS. You will see that the client first gets access using the MAC address as the CSID, but at some point, the client or NAS decieded to re-auth but this time using the IP address that the client had acquired. It's doesn't look like it's associated with the reauthentication period as that is set to 1 hour and the issue occurred within about 10 minutes. I'm pretty sure this has nothing to do with radius and everything to do with my switch config, so sorry if this post is inappropriate. rad_recv: Accounting-Request packet from host 192.168.1.254 port 49154, id=0, length=112 User-Name = "0010182b9065" NAS-IP-Address = 192.168.1.254 NAS-Port = 24 Called-Station-Id = "00-1A-70-8B-2B-8C" Calling-Station-Id = "00-10-18-2B-90-65" Acct-Status-Type = Start Acct-Session-Id = "0500002D" Acct-Authentic = Local NAS-Port-Type = Ethernet +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 24,Client-IP-Address = 192.168.1.254,NAS-IP-Address = 192.168.1.254,Acct-Session-Id = "0500002D",User-Name = "0010182b9065"' [acct_unique] Acct-Unique-Session-ID = "42587646b94a35b4". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "0010182b9065", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting {...} [detail] expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/192.168.1.254/detail-20110622 [detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.1.254/detail-20110622 [detail] expand: %t -> Wed Jun 22 09:15:40 2011 ++[detail] returns ok ++[unix] returns ok [radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp [radutmp] expand: %{User-Name} -> 0010182b9065 ++[radutmp] returns ok [attr_filter.accounting_response] expand: %{User-Name} -> 0010182b9065 attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 0 to 192.168.1.254 port 49154 Finished request 7. Cleaning up request 7 ID 0 with timestamp +60184 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 192.168.1.254 port 49154, id=0, length=97 User-Name = "admin" NAS-IP-Address = 192.168.1.254 Called-Station-Id = "192.168.1.254" Calling-Station-Id = "192.168.1.118" Acct-Status-Type = Stop Acct-Session-Id = "0500002C" Acct-Authentic = Local Acct-Session-Time = 1280 Acct-Terminate-Cause = Idle-Timeout +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent [acct_unique] Hashing ',Client-IP-Address = 192.168.1.254,NAS-IP-Address = 192.168.1.254,Acct-Session-Id = "0500002C",User-Name = "admin"' [acct_unique] Acct-Unique-Session-ID = "0f743b391350fbbb". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "admin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting {...} [detail] expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/192.168.1.254/detail-20110622 [detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.1.254/detail-20110622 [detail] expand: %t -> Wed Jun 22 09:25:47 2011 ++[detail] returns ok ++[unix] returns noop [radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp [radutmp] expand: %{User-Name} -> admin rlm_radutmp: No NAS-Port seen. Cannot do anything. rlm_radumtp: WARNING: checkrad will probably not work! ++[radutmp] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> admin attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 0 to 192.168.1.254 port 49154 Finished request 8. Cleaning up request 8 ID 0 with timestamp +60791 Going to the next request Ready to process requests. -- View this message in context: http://freeradius.1045715.n5.nabble.com/MAC-auth-bypass-with-freeradius-open... Sent from the FreeRadius - User mailing list archive at Nabble.com.