rad_recv: Access-Request packet from host 10.10.10.139:6001, id=7, length=115
User-Name = "00-18-de-4e-8f-1d"
User-Password = "secret"
NAS-IP-Address = x.x.x.139
Called-Station-Id = "00-20-a6-64-66-a3:A"
Calling-Station-Id = "00-18-de-4e-8f-1d"
NAS-Port = 2
NAS-Port-Type = Wireless-802.11
I have this entry in my users file :
00-18-de-4e-8f-1d Auth-Type:=Local, User-Password == "secret"
Is this correct(right) way to control MAC addresses thought radius?
This will work fine considering that mac address will not be used for mschap eap etc. Correct way is not to use Auth-Type and use Cleartext-Password with := as operator (if this is a recent Freeradius version).
Another question is : what is correct way to separate two types(MAC&PEAP) of requests to radius server?
There is nothing to do. mac auth wil be a pap request (like the one you posted) and peap will be an eap request. So, your AP will do that for you.
At this moment I have situation when my MAC request tries to authorize thought LDAP and only afterward looks in users file.
Upgrade to 2.0.2. Than you can process pap and eap requests differently. Ivan Kalik Kalik Informatika ISP