Mac-auth. authorized_macs file sintax
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Jun 21 14:10:10 CEST 2013
On 21 Jun 2013, at 12:55, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> On Fri, Jun 21, 2013 at 01:23:28PM +0200, Roberto Ortega Ramiro wrote:
>> Hello, I have configured freeradius for accept one host conection over host
>> mac address
>
> On the assumtion this is an instantation of 'files', then the
> format for the file would be
>
> 98-0c-82-b5-00-f2 Auth-Type := Accept
>
>> NAS-Port-Type = Wireless-802.11
>> Connect-Info = "CONNECT 802.11g"
>> EAP-Message = 0x02010010016c756e612e20626f726a61
>
> However, you can't do MAC address authentication with a plain
> 'Access-Accept' when you're doing EAP, so this isn't going to
> work anyway. The client won't see the Accept (this goes to the
> NAS) and will disconnect without an EAP Success.
>
> You probably want EAP-TLS if you want host (rather than user)
> based authentication on wireless.
Yes.. but the files module still should be returning noop if there's valid entry for that key value.
and you can do:
authorize_macs
if (!noop) {
update control {
Auth-type := Accept
}
}
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Users
mailing list