WiFi & Mac address authentication
Guillaume
guillaume.chardin at gmail.com
Thu Apr 13 12:11:28 CEST 2006
thanks for your help, i'll try this asap and provide feedback.
2006/4/12, brainstorm <braincode at gmail.com>:
> Solved the problem a couple of weeks ago... the error was actually in
> eap.conf, the following two attributes were required when the MAC
> check was active:
>
> peap: copy_request_to_tunnel = no
> peap: use_tunneled_reply = no
>
> I set them both to yes and it worked !
>
> Thanks for your support.
>
> >
> > Hmm. I still say you need to read and understand the docs, but try this:
> >
> > passwd MAC-IP {
> > filename = ${raddbdir}/MAC-IP
> > format = "*Calling-Station-Id:"
> > delimiter = ":"
> > }
> >
> > (...)
> >
> > authorize {
> > preprocess
> > MAC-IP {
> > # If the MAC isn't in the file, the modules returns notfound
> > # in that case, exit "authorize" with reject immediately
> > notfound = reject
> > }
> > files
> > eap
> > }
> >
> > That is, have no authtype on the "passwd" module. If that doesn't work,
> > you may try something like:
> >
> > passwd MAC-IP {
> > filename = ${raddbdir}/MAC-IP
> > format = "*Calling-Station-Id:~Group"
> > delimiter = ":"
> > }
> >
> > (...)
> >
> > authorize {
> > preprocess
> > MAC-IP
> > files
> > eap
> > }
> >
> > /etc/raddb/MAC-IP:
> >
> > 00-11-22-33-44-55:FAKEGROUP
> > aa-bb-cc-dd-ee-ff:FAKEGROUP
> >
> > /etc/raddb/users:
>
> The DEFAULT Group is no longer necessary to make it work.
>
> > DEFAULT Group !* ANY, Auth-Type := Reject
> >
> > user1 NT-Password := abcdefg...
> >
> > user2 NT-Password := abcdefg...
> > -
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list