pfSense with freeRadius and CHAP

Arran Cudbard-Bell a.cudbardb at
Thu Oct 6 11:44:17 CEST 2011

On 6 Oct 2011, at 11:26, Mark wrote:

> Hi all,
> I have a weird problem, as  you can see in the log below the client can successfully authenticate once and after that fails. The network structure is:
> 1)      pfSense with freeRadius as firewall, authentication and accounting server
> 2)      A HP ProCurve 2626 with MAC based port access
> 3)      A wireless access point

00026f898b64 != 00026f898b62

The second request has the Mac-Address 00026f898b64, the users file only contains an entry for 00026f898b62... Coffee coffee coffee...

Mac-Auth just uses the SRC address in the first Ethernet frame is sees. If your machine is sending packets with different SRC macs, then you'll have a race condition. Usually only happens if it's running vmware with bridge connections, but could also be NIC drivers or windows/linux just being weird.

Don't rule out the ProCurve switch either, security features are still very buggy.

Arran Cudbard-Bell
a.cudbardb at

Betelwiki, Betelwiki, Betelwiki.... !

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list