On 21 Jun 2013, at 12:55, Matthew Newton <m...@leicester.ac.uk> wrote:
> On Fri, Jun 21, 2013 at 01:23:28PM +0200, Roberto Ortega Ramiro wrote: >> Hello, I have configured freeradius for accept one host conection over host >> mac address > > On the assumtion this is an instantation of 'files', then the > format for the file would be > > 98-0c-82-b5-00-f2 Auth-Type := Accept > >> NAS-Port-Type = Wireless-802.11 >> Connect-Info = "CONNECT 802.11g" >> EAP-Message = 0x02010010016c756e612e20626f726a61 > > However, you can't do MAC address authentication with a plain > 'Access-Accept' when you're doing EAP, so this isn't going to > work anyway. The client won't see the Accept (this goes to the > NAS) and will disconnect without an EAP Success. > > You probably want EAP-TLS if you want host (rather than user) > based authentication on wireless. Yes.. but the files module still should be returning noop if there's valid entry for that key value. and you can do: authorize_macs if (!noop) { update control { Auth-type := Accept } } Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html