BYOD and base on MAC
Alan DeKok
aland at deployingradius.com
Wed Jan 31 21:22:15 CET 2018
On Jan 31, 2018, at 3:16 PM, Luc Paulin <paulinster at gmail.com> wrote:
>
> Great thanx Alan, I agree that mac can be easilly spoofed, but the goal
> here is mainly to move the user's device to another vlan than corp and not
> doing authentication. We may eventually move to EAP-TLS, but this is at
> least a first step.
>
> Yes I check the format and it's exacly the same ... Here's the output of
> the debug section for authorized_mac.
>
> =======
> <------ LINES BEFORE REWRITE_CALLING_STATION_ID REMOVED --->
Including deleting the "authorized_mac" config...
>
> And here's the authorized_macs file content
> [root at radius-corp-01_{{PROD}} raddb]# cat authorized_macs
> 18-65-90-CB-4C-69
> Reply-Message = "Device with MAC Address %{Calling-Station-Id} authorized
> for network access"
What the heck is that?
You can't just invent a configuration file format and use it. You MUST read the docs.
So.. what is the "authorized_macs" module? How did you configure it? Why do you think that putting random things into it will make it do what you want?
Alan DeKok.
More information about the Freeradius-Users
mailing list