Joren, This is how my policy looks, could you please let me know what changes do i need to make, to make the mac-authentication work; policy { # # Rewrite called station id attribute into a standard format. # rewrite_calling_station_id { if(request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){ update request { Calling-Station-Id := "%{1}-%{2}-%{3}-%{4}-%{5}-%{6}" } } else { noop } } # # Forbid all EAP types. # forbid_eap { if (EAP-Message) { reject } } # # Forbid all non-EAP types outside of an EAP tunnel. # permit_only_eap { if (!EAP-Message) { # We MAY be inside of a TTLS tunnel. # PEAP and EAP-FAST require EAP inside of # the tunnel, so this check is OK. # If so, then there MUST be an outer EAP message. if (!"%{outer.request:EAP-Message}") { reject } } } # also my /etc/raddb/users file looks like this; DEFAULT Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Service-Type = Framed-User, Fall-Through = Yes 00-1F-3C-D1-2B-6C User-Name = "subhash", Cleartext-Password = "sub@1979", Tunnel-Private-Group-ID = "17" -- View this message in context: http://freeradius.1045715.n5.nabble.com/Mac-Authorization-tp4287256p4295664.... Sent from the FreeRadius - User mailing list archive at Nabble.com.