Problem with MAC authorization..(again)

Sunardo Panjaitan if06016 at students.del.ac.id
Fri Aug 14 06:08:23 CEST 2009


I'm so sorry to ask again.
This problem has already been discussed in FreeRadius MAC address authorization (http://lists.cistron.nl/pipermail/freeradius-users/2008-August/msg00155.html).

I'm using Fedora Core 6 and FreeRADIUS 2.1.3 (installed from the source tarball), with a Linksys WAP4400 as the access point.

I got the guide from http://wiki.freeradius.org/Mac-Auth....
This is my configuration:


raddb/policy.conf 


rewrite_calling_station_id {
	# Every octet is exactly two hex digits ({2}); a {2,} on the fourth octet would swallow extra hex digits
	if("%{request:Calling-Station-Id}" =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){
		update request {
			Calling-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
		}
	}
	else {
		noop
	}
}


raddb/client.conf 
client 10.1.0.6 {
	secret		= testing123
	nastype   	= other
	shortname	= tk03
}
client 10.1.0.0/24 {
#	# secret and password are mapped through the "secrets" file.
	secret      = testing123
	nastype   = other
	shortname   = tk03
}
client silimbat.win2k.del.ac.id {
	secret		= testing123
	shortname	= tk03
}
raddb/modules/mschap
Change the value use_mppe = no to use_mppe = yes. Uncomment require_encryption = yes and require_strong = yes.

mschap {
	use_mppe = yes
	require_encryption = yes
	require_strong = yes
}
raddb/modules/file 

# files authorized_macs
files {
        # The default key attribute to use for matches.  The content
        # of this attribute is used to match the "name" of the
        # entry.
        key = "%{Calling-Station-ID}"

        usersfile = ${confdir}/authorized_macs

        #  If you want to use the old Cistron 'users' file
        #  with FreeRADIUS, you should change the next line
        #  to 'compat = cistron'.  You can the copy your 'users'
        #  file from Cistron.
        compat = no
}

raddb/sites-available/default authorize{} 
#
# (Optional) May help if your NAS doesn't let you specify separators for the User-Name value
#

#rewrite_calling_station_id

#
# Machine (Calling-Station-ID based) authentication
#
# RFC 2865 says that a Service-Type value of Call Check is used
# to specify this kind of authentication (though were now dealing with ethernet ports instead of lines).
#
if(Service-Type == 'Call-Check'){
	update control {
		Auth-Type = 'CSID'
	}
}
raddb/sites-available/default authenticate{} 
#
# Authentication based on Calling-Station-ID
#      
# Calling-Station-ID authentication is usually done by comparing normalised
# forms of the Calling-Station-ID and User-name fields.
#
Auth-Type CSID {
	if(User-Name =~ /^%{Calling-Station-ID}$/i){
		#
		# Optionally a CHAP-Password attribute is included which is
		# md5(ChapID + Calling-Station-ID + Request Authenticator).
		#
		if(Chap-Password){
			update control {
				Cleartext-Password := "%{User-Name}"
			}
			chap
		}
		else{
			ok  
		}  
	}
	else{
		reject
	}
}

raddb/sites-available/default post-auth{} 
if("%{control:Auth-Type}" == 'CSID'){
	# Authorization happens here
	authorized_macs.authorize
	if(notfound){
		reject
	}
}

raddb/authorized_macs 

# MAC_address Auth-Type
00-1C-BF-10-EA-34 Auth-Type := Accept
00-1E-E5-9D-64-32 Auth-Type := Accept
00-1D-E0-5E-E2-3B Auth-Type := Accept
00-1B-9E-32-E4-DE Auth-Type := Accept

This is the output of radiusd -X:
rad_recv: Access-Request packet from host 10.1.0.6 port 1024, id=5, length=139
        NAS-IP-Address = 10.1.0.6
        NAS-Port = 0
        Called-Station-Id = "00-1E-E5-9D-64-B1:TK_03"
        Calling-Station-Id = "00-1B-9E-32-E4-DE"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0201000501
        Message-Authenticator = 0x60827fcdaecda43af294e5ad9cc9fc5e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Proxy reply, or no User-Name.  Ignoring.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 5
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns noop
[files]         expand: %{Calling-Station-ID} -> 00-1B-9E-32-E4-DE
[files] users: Matched entry 00-1B-9E-32-E4-DE at line 4
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [<no User-Name attribute>/<via Auth-Type = Accept>] (from client tk03 port 0 cli 00-1B-9E-32-E4-DE)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 5 to 10.1.0.6 port 1024
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 5 with timestamp +23

But the client can't connect. Can anybody help me?
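An added example, not code from the post above or from FreeRADIUS. It does in Python what the posted configuration does in unlang, and checks the posted trace for what it shows: the request carries an EAP-Message and no User-Name or Service-Type, so the `Service-Type == 'Call-Check'` branch never sets Auth-Type CSID; instead the files match on `00-1B-9E-32-E4-DE` yields `Auth-Type = Accept` and an Access-Accept is sent while the eap module still reports "an on-going EAP conversation". The block mirrors the MAC normalisation of the posted rewrite_calling_station_id policy (using `{2}` on the fourth octet; the post has `{2,}`, taken here to be a typo), looks a Calling-Station-Id up in an authorized_macs file in that same normalised form (the posted file keys are hyphenated, so enabling the rewrite as posted would stop them matching unless both sides are normalised), and parses a radiusd -X trace to flag an Access-Accept issued for an EAP request whose Auth-Type was not EAP. The authorized_macs text and the abridged trace embedded below are copied from the post as sample input; function names are my own.

```python
"""Added example, not code from the post or from FreeRADIUS: normalise MACs as
the posted rewrite_calling_station_id policy does, look them up in an
authorized_macs file, and flag the pattern shown in the posted radiusd -X trace."""
import re

# Pattern from the posted policy.conf, with {2} on the fourth octet (the post
# has {2,}, assumed here to be a typo that would swallow extra hex digits).
MAC_RE = re.compile(
    r"([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?"
    r"([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})",
    re.IGNORECASE,
)

# Sample inputs copied from the post (the trace is abridged to one request).
AUTHORIZED_MACS = """\
# MAC_address Auth-Type
00-1C-BF-10-EA-34 Auth-Type := Accept
00-1E-E5-9D-64-32 Auth-Type := Accept
00-1D-E0-5E-E2-3B Auth-Type := Accept
00-1B-9E-32-E4-DE Auth-Type := Accept
"""

TRACE = """\
rad_recv: Access-Request packet from host 10.1.0.6 port 1024, id=5, length=139
        NAS-IP-Address = 10.1.0.6
        Called-Station-Id = "00-1E-E5-9D-64-B1:TK_03"
        Calling-Station-Id = "00-1B-9E-32-E4-DE"
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0201000501
        Message-Authenticator = 0x60827fcdaecda43af294e5ad9cc9fc5e
[eap] No EAP Start, assuming it's an on-going EAP conversation
[files] users: Matched entry 00-1B-9E-32-E4-DE at line 4
Found Auth-Type = Accept
Sending Access-Accept of id 5 to 10.1.0.6 port 1024
"""


def normalise_mac(value):
    """First MAC in value as 12 lower-case hex digits (what the policy's
    "%{1}%{2}%{3}%{4}%{5}%{6}" produces), or None if there is none."""
    m = MAC_RE.search(value)
    return "".join(m.groups()).lower() if m else None


def load_authorized_macs(text):
    """Parse '<MAC> Auth-Type := Accept' lines into a set of normalised MACs."""
    macs = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            mac = normalise_mac(line.split()[0])
            if mac:
                macs.add(mac)
    return macs


def mac_authorized(calling_station_id, authorized):
    """Compare in normalised form, so 00-1B-9E-32-E4-DE, 00:1b:9e:32:e4:de and
    001b9e32e4de all hit the same entry; the posted file keys are hyphenated
    and would not match the bare hex the rewrite policy emits."""
    mac = normalise_mac(calling_station_id)
    return mac is not None and mac in authorized


ATTR_RE = re.compile(r"^\s+([\w-]+) = (.*)$")


def analyse_trace(trace):
    """Request attributes, chosen Auth-Type and reply type from one request's
    radiusd -X output."""
    attrs, auth_type, reply = {}, None, None
    for line in trace.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2).strip('"')
        elif line.startswith("Found Auth-Type = "):
            auth_type = line.split("= ", 1)[1].strip()
        elif line.startswith("Sending Access-"):
            reply = line.split()[1]
    return attrs, auth_type, reply


def eap_bypassed(trace):
    """True when Access-Accept went back for a request carrying an EAP-Message
    while Auth-Type was something other than EAP: the supplicant started 802.1X
    and the server answered without finishing it, as in the posted trace."""
    attrs, auth_type, reply = analyse_trace(trace)
    return "EAP-Message" in attrs and reply == "Access-Accept" and auth_type != "EAP"


if __name__ == "__main__":
    attrs, auth_type, reply = analyse_trace(TRACE)
    print("Service-Type:", attrs.get("Service-Type"), "| Auth-Type:", auth_type)
    print("MAC in authorized_macs:", mac_authorized(
        attrs["Calling-Station-Id"], load_authorized_macs(AUTHORIZED_MACS)))
    print("EAP bypassed:", eap_bypassed(TRACE))
```

Run against the posted trace, `eap_bypassed` returns True and `Service-Type` is absent, which is the combination to look for when a MAC-only Access-Accept is answered to a wireless client that has begun 802.1X: the MAC entry matched, but no EAP exchange finished on the server side. The normalised lookup is what you want on both sides before turning `rewrite_calling_station_id` on, since the posted authorized_macs entries keep their hyphens.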