EAP used for plain MAC authentication?

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Jan 5 13:03:36 CET 2015


Hi,

> Personally I think this is idiotic at best, and insecure at worst.
> In particular, if the requests don't contain an attribute to
> distinguish between EAP-based MAC-auth and real user-based EAP - and
> some vendors don't - a real user can just set their username and
> password to their MAC address and waltz right in.

tell me about it...we've got about 47 lines of unlang/script to stop
that sort of thing :/
(we have a known set of switches/locations where MAB is in use)

alan


More information about the Freeradius-Users mailing list