Mac-auth. authorized_macs file sintax

Arran Cudbard-Bell a.cudbardb at
Fri Jun 21 14:10:10 CEST 2013

On 21 Jun 2013, at 12:55, Matthew Newton <mcn4 at> wrote:

> On Fri, Jun 21, 2013 at 01:23:28PM +0200, Roberto Ortega Ramiro wrote:
>> Hello, I have configured freeradius for accept one host conection over host
>> mac address
> On the assumtion this is an instantation of 'files', then the
> format for the file would be
> 98-0c-82-b5-00-f2    Auth-Type := Accept
>>    NAS-Port-Type = Wireless-802.11
>>    Connect-Info = "CONNECT 802.11g"
>>    EAP-Message = 0x02010010016c756e612e20626f726a61
> However, you can't do MAC address authentication with a plain
> 'Access-Accept' when you're doing EAP, so this isn't going to
> work anyway. The client won't see the Accept (this goes to the
> NAS) and will disconnect without an EAP Success.
> You probably want EAP-TLS if you want host (rather than user)
> based authentication on wireless.

Yes.. but the files module still should be returning noop if there's valid entry for that key value.

and you can do:

if (!noop) {
	update control {
		Auth-type := Accept

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

More information about the Freeradius-Users mailing list