FR Using MAC Authentication
Alan DeKok
aland at deployingradius.com
Fri May 8 17:45:49 CEST 2009
Steve Wu wrote:
> I want my wireless clients to do MAC authentication via the FR box. I
> have setup my users file to auth two of my test laptops:
>
> 000E35-84610A Auth-Type := Local, User-Password == "esradius"
> 00215C-08B25D Auth-Type := Local, User-Password == "esradius"
Those entries are wrong, even in 1.1.7. You should use:
000E35-84610A Cleartext-Password := "000E35-84610A"
...
> When either tries to connect up, in the FR debug I see:
>
> rad_recv: Access-Request packet from host 10.10.18.241:2160, id=7, length=53
> User-Name = "00215c-08b25d"
> User-Password = "00215c-08b25d"
Which doesn't match the password you put into the "users" file.
> Why is the User-Password the MAC address and not what is specified in
> the users file? I have only tweaked the users and clients.conf files.
Maybe you're not clear on what's happening. The *NAS* is sending the
packet containing that User-Password attribute. The RADIUS server has
no control over that.
The RADIUS server is supposed to look at that password, and see if
it's valid. The configuration I showed above will tell the server to do
that.
Alan DeKok.
More information about the Freeradius-Users
mailing list