MAC only authentication issues

Kristian Maiorano kristian.maiorano at gmail.com
Thu Jul 21 14:08:12 UTC 2022 

> That extra pop-up is because you've configured the WiFi SSID to require 802.1X authentication.  i.e. TTLS / PEAP / etc.
> You must configure that on FreeRADIUS, too.  There are many guides to doing this.  Create / install the certificates on FreeRADIUS and the supplicant.  Add a known user and password, etc.
> You cannot bypass 802.1X authentication by enabling MAC address authentication.

Thank you so much, Alan. I'm glad it wasn't a config issue with the
MAC authentication, and now I have another direction to head in to get
this to work. I know just enough to be dangerous with networking
topics, so I appreciate the explanation and suggestion.


On Thu, Jul 21, 2022 at 7:53 AM Alan DeKok <aland at deployingradius.com> wrote:
>
> On Jul 20, 2022, at 9:18 PM, Kristian Maiorano <kristian.maiorano at gmail.com> wrote:
> >
> > I've been banging my head against the wall for a couple of weeks now.
> > My goal is to have a freeradius server with MAC only authentication
> > setup on my Unifi Dream Machine. I've found various sites around the
> > web with smattering amounts of information, as well as some old posts
> > on this mailing list, but I can't seem to get it working just right.
> > I've tried to keep it as "vanilla" as possible to get it working
> > before worrying about VLAN management by MAC, so this is purely to get
> > something connected. I've tried adding the MAC to the "user" file per
> > some sites, put in the clear-text password without dashes, and a bunch
> > of other configurations at various points before blowing it all away
> > to start again multiple times. Here is my debug output:
>
>   You're getting an Access-Accept, so the configuration is OK.
> >
> > (0) Sent Access-Accept Id 31 from 192.168.1.96:1812 to
> > 192.168.1.1:34967 length 96
> > (0)   Reply-Message = "Device with MAC Address 3c-22-fb-ee-6f-46 is
> > authorized for network access"
> > (0) Finished request
>
>   That's good.
>
> > As you can see, it looks like it accepts the MAC address. However, on
> > my laptop it pops up asking for username and password credentials,
> > regardless if I have anything in the "users" file or not (the only
> > difference being an extra line about a matched entry in files and
> > [files] = ok). Any help or next steps would be greatly appreciated.
>
>   That extra pop-up is because you've configured the WiFi SSID to require 802.1X authentication.  i.e. TTLS / PEAP / etc.
>
>   You must configure that on FreeRADIUS, too.  There are many guides to doing this.  Create / install the certificates on FreeRADIUS and the supplicant.  Add a known user and password, etc.
>
>   You cannot bypass 802.1X authentication by enabling MAC address authentication.
>
>   ALan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list