RADIUS MAC Authentication

Van Der Westhuizen, Eldridge (Mr) (Summerstrand Campus North) Eldridge.VanDerWesthuizen at nmmu.ac.za
Thu Nov 2 10:03:47 CET 2006

Hi All
Need some advice please.  Using Mikrotik as a NAS.  Wireless clients
connect to Mikrotik and i've got RADIUS MAC authentication setup on the
Mikrotik.  So all the clients MAC addresses are sent to the FreeRadius
box in format 00:00:00:00:00:00 (which is the username) and blank
password.  So in the freeradius mysql db, i've got the following:
In the radcheck table, i've got the mac as the username and blank
password.  In usergroup, i link the mac username to a group called
Wireless.  In Radgroupcheck i've got an entry for the Wireless group and
telling it Auth-Type := Local.  In Radgroupreply i only pass a
service-type attribute for the wireless group with framed-user as value.
Authentication seems to happen okay.  In the radpostauth, i get an entry
for the username, chap password authentication and access-accept
message.  The wireless client connect and get a DCHP ip from a pool in
the Mikrotik NAS.  
Question: Is it possible to see which mac addresses/usernames got
access-reject messages?  I did take my mac out of the list and couldn't
connect, but didn't get any messages in the radpostauth table.  
Also, i'm not getting any accounting in the accounting table.  Do you
only get accounting from making a PPP connection?  Or is it possible to
do RADIUS MAC authentication and get accounting detail from the session?

Any help would be appreciated.
NOTICE: Please note that this eMail, and the contents thereof,  
is subject to the standard NMMU eMail disclaimer which may be found at:  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061102/d14384ce/attachment.html>

More information about the Freeradius-Users mailing list