This seem to work.
Here is the output :
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[rejectmac] returns ok
++? if (ok)
? Evaluating (ok) -> TRUE
++? if (ok) -> TRUE
++- entering if (ok) {...}
+++[reject] returns reject
++- if (ok) returns reject
Invalid user: [
test@test.com] (from client mytesthost port 487 cli 0021.5c5b.8ef3)
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} ->
test@test.comattr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 28 to 192.168.1.1 port 1645
Waking up in 4.9 seconds.
Cleaning up request 0 ID 28 with timestamp +165
Ready to process requests
Maybe good idea would be log the reject message (the reason of reject i.e Hacked mac address ) in the radius.log
Have a good weekend.