MAC authentication bypass --- How am I supposed to?edit?theusers file to include multiple MAC addresses??
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Mon Dec 21 10:15:15 CET 2009
Hi,
> > yep - but a user could just as easily log in with the user-name of
> > 00:11:22:33:44:55 ;-)
> >
> Not when you say !EAP-Message too :)
...and how does that stop, lets just say for example, some user coming
along with 802.1X configured on their wired interface and logging it
with 00:11:22:33:44:55 as their user-name with EAP-MD5 ? ;-)
> Bah, I wrote a "you have to jump this high to connect to the Intertubes"
> document for work. The venduhs cannot even get past the tendering phase
> now :)
>
> Although it does nothing about the legacy guff, it stops new guff
> connecting.
thats true in so much that it controls those things...but lets more evil
people on due to it being a nice new hole. oh well.
alan
More information about the Freeradius-Users
mailing list