Plain Mac-Auth - server accepts but client does not connect
mus3 at lehigh.edu
Tue Jan 12 21:55:52 CET 2016
-----BEGIN PGP SIGNED MESSAGE-----
On 01/04/2016 05:56 PM, Matthew Newton wrote:
> On Mon, Jan 04, 2016 at 10:38:24PM +0000, Michael Linder wrote:
>> When I attempt to join the network from the phone, I am prompted for 802.1X credentials. If
>> I type no credentials, the server won't handle the request at all. If I type something into
>> one or both of the credentials fields, the server handles the request and displays "Auth-Type
>> = Accept, accepting the user" and "Sending Access-Accept of id 7 to 22.214.171.124 port
>> 58063", but my phone does not join the network.
> You can't do plain MAC auth with wireless - you must use EAP.
> You could check mac address as well (but really, these days it's probably not worth it), but
> not on its own.
> If you want to authenticate the device then EAP-TLS is the way to go. But at least it won't
> break when the devices decide to change their MAC addresses, as so many are starting to do
> randomly these days.
I'm curious about your assertion. I'm just starting to deploy FreeRADIUS in order to do mac auth
for a wireless network (Aruba), and I've been following:
which seems to contradict your claim. I'm curious if I am misunderstanding something.
LTS - Network Analyst
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the Freeradius-Users