FreeRadius MAC address authorization (no authentication)

Yawar Hadi yawarhadi at gmail.com
Fri Aug 8 07:23:02 CEST 2008


hi you can only send the Accounting requests.no access accept request to use
it.
els is you have to configure radiusd.conf in raddb for auth-type

On Fri, Aug 8, 2008 at 7:26 AM, Ramot Lubis <ramot.lubis at gmail.com> wrote:

> Hi, I'm trying  to implement FreeRadius to authenticate Wireless
> CLient based on MAC address only, unfortunately all my wireless client
> using EAP/TLS (Windows XP SP2) . I found that tutorials and doc are
> not leading me to the right direction. Besides, I will not burden my
> Windows XP SP2 client to search hotfix for EAP/TLS compatibility with
> FreeRadius.
>
> After digging more, I realize that Authorization using checkval module
> is enough to verified valid MAC address from Wireless Client. But my
> question is how can I use only Authorization where Authentication will
> always return Access-Accept.
>
>
> Here is my radiusd -X output:
>
>
> Ready to process requests.
> rad_recv: Access-Request packet from host 10.0.0.2 port 1027, id=183,
> length=199
>        User-Name = "PIDEL-3C5B30E9C\\Administrator"
>        NAS-IP-Address = 10.0.0.2
>        NAS-Port = 0
>        Called-Station-Id = "00-1E-E5-9D-61-85:DEL_LR1"
>        Calling-Station-Id = "00-21-00-0B-68-E3"
>        Framed-MTU = 1400
>        NAS-Port-Type = Wireless-802.11
>        Connect-Info = "CONNECT 11Mbps 802.11b"
>        EAP-Message =
> 0x0201002201504944454c2d3343354233304539435c41646d696e6973747261746f72
>        Message-Authenticator = 0x891b437263cd48909255484bb081c823
> +- entering group authorize
> ++[preprocess] returns ok
> ....
> ....
> rlm_sql (sql): Released sql socket id: 4
> ++[sql] returns ok
> rlm_checkval: Item Name: Calling-Station-Id, Value: 00-21-00-0B-68-E3
> rlm_checkval: Value Name: Calling-Station-Id, Value: 00-21-00-0B-68-E3
> ++[checkval] returns ok
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Sending Access-Reject of id 183 to 10.0.0.2 port 1027
> Finished request 0.
>
>
>
>
>
>
> Thanks in advance.
>
> Ramot Lubis.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
Yawar Hadi Noshahi

QAU Islamabad (+92-0300-5504798)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080808/4b68990b/attachment.html>


More information about the Freeradius-Users mailing list