Open+ MAC authentication failed.

Tzvika Gelber daragaard at
Sun Dec 9 15:10:23 CET 2012


I'm trying to have a WiFi client to be authenticated in the OPEN+MAC method
The AP is already known as a client of the Freeradius and any other form of
Radius authentication i tried worked so far (WPA, WPA2)
I'm using PEAP and the clients are Windows XP (if it makes any difference)

I created a new user with the MAC address of the client as the user and
password :

(this is a none internet connected client)
###this is for OPEN+MAC AUTH
00C0CA32A157 Cleartext-Password := "00C0CA32A157"

and i keep getting this error when it's trying to get the IP from the DHCP

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address port 18120 as server
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host port 55965, id=5,
        User-Name = "00c0ca32a157"
        User-Password = "00c0ca32a157"
        Calling-Station-Id = "00-C0-CA-32-A1-57"
        NAS-IP-Address =
        Called-Station-Id = "00-18-25-02-11-D2:103-mac"
        Service-Type = Framed-User
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 0
        Framed-MTU = 1400
# Executing section authorize from file
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "00c0ca32a157", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> 00c0ca32a157
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 5 to port 55965
Waking up in 4.9 seconds.
Cleaning up request 0 ID 5 with timestamp +12
Ready to process requests.

what am i missing? or (however unlikely) freeradius does not support this
type of authentication any more?

Thank you
Sometimes you just glow in the dark...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list