Ok. Can you pls help with procedure for configuring pre-login on Windows for 802.1x? Windows is sending packets to RADIUS as host/machine-name.domain. I would like to have a dedicated userid/password configured on windows for pre-login machine authentication.

'Tunde Ogedengbe

On 8 Feb 2013 13:18, "Phil Mayers" <p.mayers@imperial.ac.uk> wrote:
On 08/02/13 12:52, Tunde Ogedengbe wrote:

see from the log that the MAC addresses is checked and OK.  But there is
an [eap] returns reject just after the mac address was successfully
checked.  I guess I need a way to get radius to force an EAP accept
after successful checking of the MAC addresses.

This doesn't work. You can't "force accept" of an EAP session. The protocol is challenge/response and must complete correctly at both ends.

Your approach won't work.

Instead, you must configure pre-login 802.1x authentication correct on the Windows side, either using machine credentials or user creds.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html