MAC+EAP authentication

Artur Hecker artur.hecker at
Tue Jun 14 07:12:01 CEST 2005

i personally think that it's completely useless.

implementing EAP or MAC authentication, meaning that one of both would
work, is a huge security hole and requiring both is useless since EAP
authentication implicitly filters away everything unauthenticated...

(even if i understand that might be necessary for current WiFi phones,
etc., please be aware that under linux you can actually change the MAC
address with one command...)


On 6/13/05, Alan DeKok <aland at> wrote:
> "Jefri bin Dahari" <jeff at> wrote:
> > I plan to implement simultaneous MAC+EAP authentication for my wireless
> > users. From my observation, Freeradius can only do either MAC or EAP but not
> > MAC and EAP authentication. Can somebody gives me some hints on how to do
> > that?
>   It can do both.  EAP is authentication, MAC checking isn't really
> authentication.
>   What are you seeing in RADIUS packets, and what do you want to happen?
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list