MAC Authentication Queries

[FreeRAD]

Hi Alan,

All the debug gives me is the error message but no assistance as to why the
error message appears. I know it has something to do with what is included
in the "else" statement which is why I'm querying what needs to be in the
"else" statement. Since based on the guide I mentioned, I have put in there
what needs to be put in there.

Many thanks

On Thu, Sep 26, 2024 at 3:45 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Sep 26, 2024, at 4:42 PM, FreeRAD <yetifreerad at gmail.com> wrote:
> > I agree that the default config works fine but this part doesn't seem to
> > the way it is instructed in the FreeRADIUS guide. What is actually
> supposed
> > to go in the "else" statement? As based on the comments in the "if"
> > statement I would assume it's 'if the MAC is correct and it's not an EAP
> > message then ACCEPT. else, continue through the authorize section'. But
> > this is seemingly what happens if you have the "else" or not.
>
>   See the debug output for why this happens.  The entire configuration is
> documented.  How the server processes files is documented.  It's not
> productive for me to cut & paste that documentation to the list.
>
> > Another thing I have noticed when using the Authorized_Macs module is
> that
> > I receive an Access-Accept initially once the MAC has been validated, but
> > then I also get "Device with MAC Address %{Calling-Station-ID} authorized
> > for network access" in every subsequent Access-Challenge that is sent
> from
> > the Server to the NAS when the server is going through EAP-TTLS/PAP
> > authentication. This is sent along with the EAP-Message,
> > Message-Authenticator, and State attributes. Is this sort of behaviour
> > expected?
>
>   It's fine.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>