FreeRadius MAC address authorization (no authentication)

Ramot Lubis ramot.lubis at
Fri Aug 8 04:26:48 CEST 2008

Hi, I'm trying  to implement FreeRadius to authenticate Wireless
CLient based on MAC address only, unfortunately all my wireless client
using EAP/TLS (Windows XP SP2) . I found that tutorials and doc are
not leading me to the right direction. Besides, I will not burden my
Windows XP SP2 client to search hotfix for EAP/TLS compatibility with

After digging more, I realize that Authorization using checkval module
is enough to verified valid MAC address from Wireless Client. But my
question is how can I use only Authorization where Authentication will
always return Access-Accept.

Here is my radiusd -X output:

Ready to process requests.
rad_recv: Access-Request packet from host port 1027, id=183, length=199
        User-Name = "PIDEL-3C5B30E9C\\Administrator"
        NAS-IP-Address =
        NAS-Port = 0
        Called-Station-Id = "00-1E-E5-9D-61-85:DEL_LR1"
        Calling-Station-Id = "00-21-00-0B-68-E3"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message =
        Message-Authenticator = 0x891b437263cd48909255484bb081c823
+- entering group authorize
++[preprocess] returns ok
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-21-00-0B-68-E3
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-21-00-0B-68-E3
++[checkval] returns ok
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Sending Access-Reject of id 183 to port 1027
Finished request 0.

Thanks in advance.

Ramot Lubis.

More information about the Freeradius-Users mailing list