Mac-auth. authorized_macs file sintax

Matthew Newton mcn4 at
Fri Jun 21 13:55:36 CEST 2013

On Fri, Jun 21, 2013 at 01:23:28PM +0200, Roberto Ortega Ramiro wrote:
> Hello, I have configured freeradius for accept one host conection over host
> mac address

On the assumtion this is an instantation of 'files', then the
format for the file would be

98-0c-82-b5-00-f2    Auth-Type := Accept

>     NAS-Port-Type = Wireless-802.11
>     Connect-Info = "CONNECT 802.11g"
>     EAP-Message = 0x02010010016c756e612e20626f726a61

However, you can't do MAC address authentication with a plain
'Access-Accept' when you're doing EAP, so this isn't going to
work anyway. The client won't see the Accept (this goes to the
NAS) and will disconnect without an EAP Success.

You probably want EAP-TLS if you want host (rather than user)
based authentication on wireless.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list