MAC Auth Bypass with default allow

Alan DeKok aland at
Fri Sep 21 20:20:56 CEST 2018

On Sep 21, 2018, at 2:14 PM, Mark Muehlbauer <mmuehlbauer at> wrote:
> FreeRadius + MySQL + MAC Authentication Bypass.
> Scenario:  I would like to authenticate all incoming MAC addresses as
> valid and assign them to VLAN X.  Initially I have this working just fine
> using the users file.
> Entry in users:
>        DEFAULT Cleartext-Password := "%{User-Name}"
>        Tunnel-Type = VLAN,
>        Tunnel-Medium-Type = IEEE-802,
>        Tunnel-Private-Group-Id = "22"
> I have MySQL and Radius talking just fine against MAC based
> authentication.  However, I cannot find where the same DEFAULT (allow all
> MACs) entry should be added to allow this same functionality, but now with
> a MySQL backend.

  There's no real "DEFAULT" processing in the SQL module.  To be honest, leaving that in the "users" file is fine.

  Databases are for bulk data.  Having one "DEFAULT" entry in a database isn't overly productive.

  Alan DeKok.

More information about the Freeradius-Users mailing list