MAC only authentication issues

Alan DeKok aland at deployingradius.com
Thu Jul 21 11:53:31 UTC 2022


On Jul 20, 2022, at 9:18 PM, Kristian Maiorano <kristian.maiorano at gmail.com> wrote:
> 
> I've been banging my head against the wall for a couple of weeks now.
> My goal is to have a freeradius server with MAC only authentication
> setup on my Unifi Dream Machine. I've found various sites around the
> web with smattering amounts of information, as well as some old posts
> on this mailing list, but I can't seem to get it working just right.
> I've tried to keep it as "vanilla" as possible to get it working
> before worrying about VLAN management by MAC, so this is purely to get
> something connected. I've tried adding the MAC to the "user" file per
> some sites, put in the clear-text password without dashes, and a bunch
> of other configurations at various points before blowing it all away
> to start again multiple times. Here is my debug output:

  You're getting an Access-Accept, so the configuration is OK.
> 
> (0) Sent Access-Accept Id 31 from 192.168.1.96:1812 to
> 192.168.1.1:34967 length 96
> (0)   Reply-Message = "Device with MAC Address 3c-22-fb-ee-6f-46 is
> authorized for network access"
> (0) Finished request

  That's good.

> As you can see, it looks like it accepts the MAC address. However, on
> my laptop it pops up asking for username and password credentials,
> regardless if I have anything in the "users" file or not (the only
> difference being an extra line about a matched entry in files and
> [files] = ok). Any help or next steps would be greatly appreciated.

  That extra pop-up is because you've configured the WiFi SSID to require 802.1X authentication.  i.e. TTLS / PEAP / etc.

  You must configure that on FreeRADIUS, too.  There are many guides to doing this.  Create / install the certificates on FreeRADIUS and the supplicant.  Add a known user and password, etc.

  You cannot bypass 802.1X authentication by enabling MAC address authentication.

  ALan DeKok.



More information about the Freeradius-Users mailing list