Pb with Mac and EAP auth
Alan DeKok
aland at ox.org
Thu Dec 15 19:58:36 CET 2005
=?iso-8859-1?Q?Beno=EEt_Bianchi?= <benoit.bianchi at cri.uvsq.fr> wrote:
> In my users file I=92ve set a list of the mac address like
> this :
...
> "001122334455" Auth-Type := Accept
Anyone logging in with that username will get accepted.
> The problem is that when doing EAP-TTLS authentication if I set the
> mac address of one of the allowed card as the login name I am
> authenticated!!!
That's what you told it to do.
But it's still a bad idea.
> Is there a way to prevent this somehow? To specify that Auth-Type:=Accept
> is only for non EAP authentication ???
Yes. Read the "man" page for the "users" file. See the !* operator.
Alan DeKok.
More information about the Freeradius-Users
mailing list