MAC Address auth?!

Mathias Maes mathias.maes at maerlantatheneum.be
Sun Dec 24 17:41:07 UTC 2023


MAC address auth is not 2FA because it's not an extra factor. It's more
like a second password that can easily be read, sniffed of captured. It
doesn't really add any security as MAC spoofing is as old as ethernet.

But if you want to do it because someone demands it, read this:
https://wiki.freeradius.org/guide/mac-auth





Op zo 24 dec. 2023 18:10 schreef Marco Gaiarin <gaio at lilliput.linux.it>:

>
> A consultant in a session speak about 'MAC address authentication', using
> Unifi APs/management software, and describing it a '2FA'.
>
>
> If i understood well, enabling a specific options:
>
>
> https://help.ui.com/hc/en-us/articles/115004589707-RADIUS-Based-MAC-Authentication-and-802-1X
>
> i can connect suppicant to the network (via WPA2/3-Personal, so a shared
> secret) and then do a second-step authorization using radius, but where
> account are in the form 'AABBCCDDEEFF' (uppercase MAC address) and password
> is identical to the user.
>
>
> This seems '0,5FA': 0,5 for a shared passwod, 0 for account where password
> is
> identical to username.
>
> But effectivaly i found in google some setups like that, that really i
> don't
> understand. Someone have some clue?
>
>
> This seems to me real 2FA...
>
>         https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy
>
>
> Thanks.
>
> --
>   Vendere no, non passa tra i miei rischi,
>   non comprate i miei dischi e sputatemi addosso.       (F. Guccini)
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


More information about the Freeradius-Users mailing list