BYOD and base on MAC

Alan DeKok aland at
Wed Jan 31 21:22:15 CET 2018

On Jan 31, 2018, at 3:16 PM, Luc Paulin <paulinster at> wrote:
> Great thanx Alan, I agree that mac can be easilly spoofed, but the goal
> here is mainly to move the user's device to another vlan than corp and not
> doing authentication. We may eventually move to EAP-TLS, but this is at
> least a first step.
> Yes I check the format and it's exacly the same ... Here's the output of
> the debug section for authorized_mac.
> =======

  Including deleting the "authorized_mac" config...
> And here's the authorized_macs file content
> [root at radius-corp-01_{{PROD}} raddb]# cat authorized_macs
> 18-65-90-CB-4C-69
> Reply-Message = "Device with MAC Address %{Calling-Station-Id} authorized
> for network access"

  What the heck is that?

  You can't just invent a configuration file format and use it.  You MUST read the docs.

  So.. what is the "authorized_macs" module?  How did you configure it?  Why do you think that putting random things into it will make it do what you want?

  Alan DeKok.

More information about the Freeradius-Users mailing list