MAC or user auth

CoMeC comec at
Wed Dec 12 13:37:56 CET 2007


Sorry for unsufficent informations. :)

For both authentifications methods there will be 2 separate NAS (one for
username/pass auth and one for MAC auth)

As NAS I will use Mikrotik routers.

The thing is
- router will lease DHCP Address to a clients machine.
- router sends Calling-Station-id Attribute in Access-Request, so I know
the client's MAC

In radcheck I have for example a user "John" with attribute
Calling-Station-id := MAC
I would like freeradius to ignore username and only check table for MAC.
If he found a valid MAC, then it knows that the user is "John" and it can
send an Access-Accept with parameters.

I know that radius can authenticate a Username with MAC. 
But how to make radius ignores the username?

So, if Radius found no Calling-Station-id:=MAC attribute, and it has got
Username, then it has to authenticate user using username and password. :)

Is it possible? And if not would you advice me another solution?


Best regards,

CoMeC :)

On Wed, 12 Dec 2007 13:13:34 +0100, "Edvin Seferovic"
<edvin.seferovic at> wrote:
>>Authorization via MAC Address (with no username required)
> This is being done by your NAS ! Username is usually the MAC address.
>> if the machine is using a valid IP Address, it is automatically allowed
> to
> surf.
>> (I know there is a Calling-Station-id attribute in radcheck)
> IP address has to be given by DHCP or your NAS. FreeRADIUS has nothing to
> do
> with the firewall rules ( NAT etc ).
>>But I need also a support for username/password authentification (via
> WWW)
> too.
> This also depends on your NAS !
>>When I try to log in only with MAC, I get a Radius responce "no
> username",
>>and the machine is denied.
> Run freeradius in debug mode ( freeradius -X ) and see what attribute is
> used for MAC address and use it as i.e. username.
> You should send us more information about your NAS. Nobody will be able
> help you in other case.
> Regards,
> E:S
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list