PEAP/MSCHAPv2 bounded to a particular MAC Address

Marco Gaiarin gaio at sv.lnf.it
Thu Jan 30 17:55:55 CET 2014


Mandi! Matthew Newton
  In chel di` si favelave...

[about User-Password]
> It does, but it won't in version 3. There have been warnings in
> version 2 for years to give people notice to change it.

Ahem, evidently i've missed that.


>   - Run 'radiusd -X'
>   - do the auth that you have problems with
>   - post the entire debug output to the list.

Ok. Only a litle note. My setup works, and so i'm triyng to make it NOT
authenticate some client... eg, i've done:

in users:
	ipm1	Cleartext-Password := "pass", MS-CHAP-Use-NTLM-Auth := 0, Expiration := "Jan 28 2017 19:00:00", Huntgroup-Name := "ipm1"

in huntgroup:
	ipm1	Calling-Station-Id == "c8b5b723ecd6"

And i've deliberatly insert wrongly the MAC addess, that is
'c8b5b723ecd7', as you can see looking at the log.


So, the log report a successful authentication, but is not the intended
behaviour. ;-)

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''                    http://www.sv.lnf.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
	   http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeradius.log.gz
Type: application/octet-stream
Size: 12211 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140130/10deef8e/attachment-0001.obj>


More information about the Freeradius-Users mailing list