[authorized_macs.authorize] returns noop

Alexander Clouter alex at digriz.org.uk
Fri Jan 7 09:21:37 CET 2011

Nagaraj Panyam <pn at tifr.res.in> wrote:
> In my previous mail while asking for help, I did not fully explain what 
> I wanted to configure.
> So here goes: I want to configure freeradius to setup MAC based 
> authentication for laptops and hand held devices in my organization.
> My first preference is to make it purely MAC based and paswordless.
You are not reading what we have been telling you, please re-read the 
replies in this thread. You *cannot* do mac-auth on 802.1X networks, 
period, end of story, game-over, FIN.

WPA Enterprise enabled wireless networks *are* 802.1X networks, so you 
cannot do mac-auth.  The request your RADIUS server is receiving (that 
you have given below) is a 802.1X request because it has an EAP-Message 

What you want to do cannot be done.

> ------ Debug output:
> rad_recv: Access-Request packet from host port 3072, id=35, length=175
>        User-Name = "TEST\\test"
>        NAS-IP-Address =
>        NAS-Port = 0
>        Called-Station-Id = "001f1fd74ce9"
>        Calling-Station-Id = "001a734337c9"
>        NAS-Identifier = "Realtek Access Point. 8181"
>        Framed-MTU = 1400
>        NAS-Port-Type = Wireless-802.11
>        Service-Type = Framed-User
>        Connect-Info = "CONNECT 11Mbps 802.11b"
>        EAP-Message = 0x0200000e01544553545c74657374
>        Message-Authenticator = 0x0fc7203c788350352965da25a7a1049e

Alexander Clouter
.sigmonster says: Illegally parked cars will be towed at owner's expense.

More information about the Freeradius-Users mailing list