WiFi & Mac address authentication
brainstorm
braincode at gmail.com
Wed Apr 12 15:32:55 CEST 2006
Solved the problem a couple of weeks ago... the error was actually in
eap.conf, the following two attributes were required when the MAC
check was active:
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
I set them both to yes and it worked !
Thanks for your support.
>
> Hmm. I still say you need to read and understand the docs, but try this:
>
> passwd MAC-IP {
> filename = ${raddbdir}/MAC-IP
> format = "*Calling-Station-Id:"
> delimiter = ":"
> }
>
> (...)
>
> authorize {
> preprocess
> MAC-IP {
> # If the MAC isn't in the file, the modules returns notfound
> # in that case, exit "authorize" with reject immediately
> notfound = reject
> }
> files
> eap
> }
>
> That is, have no authtype on the "passwd" module. If that doesn't work,
> you may try something like:
>
> passwd MAC-IP {
> filename = ${raddbdir}/MAC-IP
> format = "*Calling-Station-Id:~Group"
> delimiter = ":"
> }
>
> (...)
>
> authorize {
> preprocess
> MAC-IP
> files
> eap
> }
>
> /etc/raddb/MAC-IP:
>
> 00-11-22-33-44-55:FAKEGROUP
> aa-bb-cc-dd-ee-ff:FAKEGROUP
>
> /etc/raddb/users:
The DEFAULT Group is no longer necessary to make it work.
> DEFAULT Group !* ANY, Auth-Type := Reject
>
> user1 NT-Password := abcdefg...
>
> user2 NT-Password := abcdefg...
> -
More information about the Freeradius-Users
mailing list