Re: mac authentication, log rejected device in radius.log

2013-10-18 Thread John Douglass
On 10/18/2013 11:00 AM, Alan DeKok wrote: Bertalan Voros wrote: I have one question, I would like to log a message in radius.log when a device is rejected based on its mac address. I would like to put a message saying that the device was unauthorised and the Calling-Station-Id into the

Re: MAC authentication succeeds, port stays unauthorized (allied telesis)

2013-06-11 Thread Stijn D'haese
On Fri, 07 Jun 2013 17:40:04 +0200, David Mitton da...@mitton.com wrote: Best to check the error log on the NAS. When the link goes up the following debug message appear on the NAS: 2013 Jun 10 15:22:56 system.information awplus pcfg: Egress Broadcast(1):Milticast(1):Unicast(1) port1.0.5 2013

MAC authentication succeeds, port stays unauthorized (allied telesis)

2013-06-07 Thread Stijn D'haese
Hi, I'm trying to do MAC based authentication on our switches, but for some strange reason the port doesn't want to authenticate, even though the radius server sends an Access-Accept package to the port. I did a capture on the port and the Access-Accept package is received by the port, but

Re: MAC authentication succeeds, port stays unauthorized (allied telesis)

2013-06-07 Thread Alan DeKok
Stijn D'haese wrote: Any ideas where I need to start looking? The RADIUS server sent the right answer. The NAS ignored it. Blame the NAS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MAC authentication succeeds, port stays unauthorized (allied telesis)

2013-06-07 Thread David Mitton
The NAS device is the final arbiter of allowing access. Even if the authentication succeeds, there may be other things about the connection and the NAS policies that are not met by the port user. Best to check the error log on the NAS. Dave. Quoting Stijn D'haese maill...@stijn-dhaese.be:

Mac Authentication and Port Authentication

2013-06-04 Thread rajasekar bonthala
Hi All, I would like to use the free-radius server for mac-authentication and port authentication. Please let me know the configuration stuff for the same. Thanks, RajaSekhar

Re: Mac Authentication and Port Authentication

2013-06-04 Thread Alan DeKok
rajasekar bonthala wrote: I would like to use the free-radius server for mac-authentication and port authentication. Please let me know the configuration stuff for the same. Documentation for this already exists. See the Wiki, among other places. i.e. If you don't have time to read

Re: MAC Authentication with FreeRadius

2013-02-28 Thread Arran Cudbard-Bell
On 28 Feb 2013, at 10:02, Bouchra Badri bouchra.ba...@gmail.com wrote: Hello, Sorry to bring this up again. I tried to do as you said, and added this line : VMPS-VLAN-Name = %{sql:select radius.maclist.vlanname from radius.maclist where radius.maclist.mac='%{VMPS-Mac}'} as well as this

Re: MAC Authentication with FreeRadius

2013-02-28 Thread Bouchra Badri
Your guess is correct. I really hope that's the only thing wrong with the config. I'll try it as soon as I have access to the server. Thanks.

MAC Authentication with FreeRadius

2013-02-22 Thread Bouchra Badri
Hi, 1 - I was wondering if going through the tuto in wiki.freeradius is necessary to be able to authenticate using the mac address ? For one, that rewrite_calling_station_id generates an error at the run of freeradius, plus I've seen some tutos that say that cisco Mac-auth-Bypass can do the

Re: MAC Authentication with FreeRadius

2013-02-22 Thread A . L . M . Buxey
Hi, 1 - I was wondering if going through the tuto in wiki.freeradius is necessary to be able to authenticate using the mac address ? For one, that rewrite_calling_station_id generates an error at the run of freeradius, plus I've seen some tutos that say that cisco Mac-auth-Bypass

Re: MAC Authentication with FreeRadius

2013-02-22 Thread Bouchra Badri
Hello, thanks for the quick answer Cisco MAB is a *method* you configure on the switch. it still needs a backend to send the request to - eg a RADIUS server Yes, of course I'll have to use a Radius server, and many forums say that if you put the Mac address in both username and password,

Re: MAC Authentication with FreeRadius

2013-02-22 Thread A . L . M . Buxey
Hi, Yes, of course I'll have to use a Radius server, and many forums say that if you put the Mac address in both username and password, it will authenticate if - in the switch - you use Mab... And that's exactly what I tried to do, but it did not authenticate... Am I doing sth

Re: MAC Authentication with FreeRadius

2013-02-22 Thread Bouchra Badri
Great. Thank you good sir.

Open+ MAC authentication failed.

2012-12-09 Thread Tzvika Gelber
Hello, I'm trying to have a WiFi client to be authenticated in the OPEN+MAC method. The AP is already known as a client of the Freeradius and any other form of Radius authentication I tried worked so far (WPA, WPA2). I'm using PEAP and the clients are Windows XP (if it makes any difference). I

Re: Open+ MAC authentication failed.

2012-12-09 Thread Alan DeKok
Tzvika Gelber wrote: I created a new user with the MAC address of the client as the user and password : ... 00C0CA32A157 Cleartext-Password := 00C0CA32A157 ... User-Name = 00c0ca32a157 User-Password = 00c0ca32a157 You do realize that they are different, right? The

Re: open with mac authentication.

2012-12-09 Thread Tzvika Gelber
Thank you very much. Tzvika Gelber wrote: I created a new user with the MAC address of the client as the user and password : ... 00C0CA32A157 Cleartext-Password := 00C0CA32A157 ... User-Name = 00c0ca32a157 User-Password = 00c0ca32a157 You do realize that they are

802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs

2012-03-22 Thread PENZ Robert
Hi! We've currently a MAC authentication running with dynamic VLANs via SQL for wired clients. We return the wished VLAN for the client by using the SQL function authorize_reply_query. We now want to add 802.1x EAP-TLS as supported authentication method. I got the setup so far that I'm able

AW: 802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs

2012-03-22 Thread PENZ Robert
users mailing list Subject: Re: 802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs Hi, On Thu, Mar 22, 2012 at 03:24:41PM +0100, PENZ Robert wrote: And how can I use the CN of the certificate in the SQL query? I believe I need one query for MAC and one for EAP-TLS, as for one I

Re: 802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs

2012-03-22 Thread Matthew Newton
Hi, On Thu, Mar 22, 2012 at 04:27:14PM +0100, PENZ Robert wrote: But how do I execute the SQL authorize_reply_query query after I did an EAP authentication? I don't do that currently in post-auth. I just have the sql module activated in authorize. Sorry, can't help here. I've never done any SQL

Re: AW: 802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs

2012-03-22 Thread Phil Mayers
On 22/03/12 15:27, PENZ Robert wrote: Hi! Thx for the fast response! But how do I execute the SQL authorize_reply_query query after I did an EAP authentication? I don't do that currently in post-auth. I just have the sql module activated in authorize. Like this: post-auth { if

Re: MAC Authentication - Bad Idea?

2011-02-03 Thread Alan DeKok
Jim Rice wrote: The MikroTik routers can be configured to send a variety of MAC address formats, the default is XX:XX:XX:XX:XX:XX Which isn't the format recommended by the RFCs sigh. It can also be set to include the same MAC address in the Password field, instead of NULL, but I do not

Re: MAC Authentication - Bad Idea?

2011-02-03 Thread Brian Candler
On Wed, Feb 02, 2011 at 02:00:52PM -0600, Gary Gatten wrote: On shared medium, I don't *think* dupe macs will cause much problem, unless maybe a congestion algorithm tweaks traffic to/from that mac. I'm not an expert in that area, just speaking from experience. Layer 1 --- I have little

MAC Authentication - Bad Idea?

2011-02-02 Thread Jim Rice
Greetings, Still a newbie, but getting there... (Alan, do you ever sleep?) I have been asked to implement MAC authentication for a local service provider with a Canopy radio network and MikroTik routers. No, really. I was able to test this and received Accept-Accept after placing the MAC

Re: MAC Authentication - Bad Idea?

2011-02-02 Thread Alan DeKok
Jim Rice wrote: Still a newbie, but getting there... (Alan, do you ever sleep?) In a word: no. I have been asked to implement MAC authentication for a local service provider with a Canopy radio network and MikroTik routers. No, really. I was able to test this and received Accept

Re: MAC Authentication - Bad Idea?

2011-02-02 Thread Jim Rice
Thanks, Alan. The MikroTik routers can be configured to send a variety of MAC address formats, the default is XX:XX:XX:XX:XX:XX It can also be set to include the same MAC address in the Password field, instead of NULL, but I do not see any added benefit to that. but had to set Auth-Type :=

RE: MAC Authentication - Bad Idea?

2011-02-02 Thread Gary Gatten
=waddell@lists.freeradius.org] On Behalf Of Jim Rice Sent: Wednesday, February 02, 2011 1:15 PM To: FreeRadius users mailing list Subject: Re: MAC Authentication - Bad Idea? Thanks, Alan. The MikroTik routers can be configured to send a variety of MAC address formats, the default

Re: MAC Authentication - Bad Idea?

2011-02-02 Thread Alan Buxey
Hi, Do I need to be concerned with MAC spoofing? of course. there's also the issue that the link-layer is completely open and unencrypted to any eavesdropping/dodgy activity alan

Re: MAC Authentication - Bad Idea?

2011-02-02 Thread schilling
We implemented MAC authentication with netreg at http://netreg.sourceforge.net. We used DHCP/DNS/HTTP piece from netreg. Its essence is DHCP/DHS/HTTP on one server. Basically there will be a vlan we called sandbox with ip helper-address pointing to sandbox.foo.edu. The DHCP is configured

Re: MAC Authentication - Bad Idea?

2011-02-02 Thread Brian Candler
On Wed, Feb 02, 2011 at 11:15:13AM -0800, Jim Rice wrote: Do I need to be concerned with MAC spoofing? It's easy to do, so it will probably happen; this risk is weighed against providing a service which is easy for your customers to use. What happens if two people try to use the same MAC

Re: MAC Authentication - Bad Idea?

2011-02-02 Thread Gary Gatten
, February 02, 2011 01:53 PM To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Subject: Re: MAC Authentication - Bad Idea? On Wed, Feb 02, 2011 at 11:15:13AM -0800, Jim Rice wrote: Do I need to be concerned with MAC spoofing? It's easy to do, so it will probably happen

Re: MAC Authentication - Bad Idea?

2011-02-02 Thread Jim Rice
: MAC Authentication - Bad Idea? To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Wednesday, February 2, 2011, 11:32 AM We implemented MAC authentication with netreg at http://netreg.sourceforge.net. We used DHCP/DNS/HTTP piece from netreg. Its essence is DHCP/DHS

Re: MAC Authentication - Bad Idea?

2011-02-02 Thread Brett Littrell
I think it depends on the OS, if an OS is trusting and accepts everything up the stack from Layer 2 if the MAC address matches it could start to get confused and cause all sorts of issues. If the device keeps some kind of state table for connections and rejects all others there may not be

Re: MAC-Authentication from Mysql

2010-11-23 Thread David Seira
Thanks for your responses. I tried SQL XLAT yesterday but I had the next radiusd -X errors: /usr/local/etc/raddb/sites-enabled/default[598]: Failed to parse if subsection. /usr/local/etc/raddb/sites-enabled/default[485]: Errors parsing post-auth section. I think it is not possible to that with

Re: MAC-Authentication from Mysql

2010-11-23 Thread Alan DeKok
David Seira wrote: Thanks for your responses. I tried SQL XLAT yesterday but I had the next radiusd -X errors: /usr/local/etc/raddb/sites-enabled/default[598]: Failed to parse if subsection. The next logical step would be to post *that line* from the file, and ask What is wrong about

Re: MAC-Authentication from Mysql

2010-11-23 Thread David Seira
The next logical step would be to post *that line* from the file, and ask What is wrong about it? Yes, but I think it is not possible with SQL XLAT. For that reason, finally, I try with sql.authorize, as Arran advised me, and I think I've achieved the solution. The problem was I didn't

MAC-Authentication from Mysql

2010-11-22 Thread David Seira
Hi list. I'm trying to implement MAC-Authentication directly from a Mysql database. I follow the wiki page http://wiki.freeradius.org/Mac-Auth for authenticate macs from a file. I want to authenticate macs reading the authorized macs from a mysql database. I understand that in the radcheck table

Re: MAC-Authentication from Mysql

2010-11-22 Thread Alan DeKok
David Seira wrote: I don't know where put the sql instruction for read macs from database. Read raddb/sites-available/default. Look for sql. Alan DeKok.

Re: MAC-Authentication from Mysql

2010-11-22 Thread David Seira
Hi Alan. Thanks for your time. In the authorize section I have the next instructions for authorize users in a mac file: if((Service-Type == 'Call-Check') || (User-Name =~ /^%{Calling-Station-Id}$/i)){ update control { Auth-Type = 'CSID' } } I don't know how to call the sql module for read the

Re: MAC-Authentication from Mysql

2010-11-22 Thread Arran Cudbard-Bell
I don't know how to call the sql module for read the list users from mysql. If I put in that section the sql instruction I don't know how compare the sql results with the Calling-Station-Id that the NAS return in the request. Another thing is that I don't know why the authorization is

Re: MAC-Authentication from Mysql

2010-11-22 Thread EasyHorpak.com
On 22/11/2553 22:41, David Seira wrote: Hi Alan. Thanks for your time. In the authorize section I have the next instructions for authorize users in a mac file: if((Service-Type == 'Call-Check') || (User-Name =~ /^%{Calling-Station-Id}$/i)){ update control {

Re: mac authentication

2010-08-18 Thread Raymond Norton
I am attempting to edit the ldap module to pass the mac address from the wireless client as the user. I have changed the basedn, but not sure how to change the filter. Here is what I have : ldap { # # Note that this needs to match the name in the LDAP # server

Re: mac authentication

2010-08-17 Thread Alan DeKok
Raymond Norton wrote: I have a working set up using wpa2 with freeradius and ldap. I need to set up host authentication instead of user authentication. I am using LAM to manage ldap and have added a couple host accounts, but I keep getting a login page from the hotspot. The problem could be a

mac authentication

2010-08-16 Thread Raymond Norton
I have a working set up using wpa2 with freeradius and ldap. I need to set up host authentication instead of user authentication. I am using LAM to manage ldap and have added a couple host accounts, but I keep getting a login page from the hotspot. The problem could be a config issue on any

Re: EAP-TLS and MAC Authentication

2010-05-17 Thread John Doppke
I've been told that Cisco APs won't do WPA with MAC auth in recent versions of IOS. -John

Re: EAP-TLS and MAC Authentication

2010-05-17 Thread Alan Buxey
Hi, I've been told that Cisco APs won't do WPA with MAC auth in recent versions of IOS. how would that have worked anyway - you need the key exchange and the right type of EAP for WPA and wireless alan

RE: EAP-TLS and MAC Authentication

2010-05-17 Thread John McDonnell
Hi, I've been told that Cisco APs won't do WPA with MAC auth in recent versions of IOS. how would that have worked anyway - you need the key exchange and the right type of EAP for WPA and wireless alan

RE: EAP-TLS and MAC Authentication

2010-05-17 Thread John McDonnell
how would that have worked anyway - you need the key exchange and the right type of EAP for WPA and wireless alan The only way I can think of it working was if using Cisco's local MAC list on the AP

RE: EAP-TLS and MAC Authentication

2010-05-16 Thread John McDonnell
-Original Message- John McDonnell wrote: I'm not doing any dynamic VLAN assignments over the wireless so I really don't see any need for MAC authentication and just see it as unneeded overhead. Is there any reason why I'm wrong with this assumption? It never hurts. You can do

Re: EAP-TLS and MAC Authentication

2010-05-16 Thread Alan DeKok
John McDonnell wrote: I don't know if you have any experience with the 1100 series access points from Cisco, but they have a setting called EAP and MAC authentication. I'm not sure how it is implemented, but I would imagine I should just set it to do EAP and have FR itself do the MAC check

Re: EAP-TLS and MAC Authentication

2010-05-15 Thread Alan DeKok
John McDonnell wrote: I'm not doing any dynamic VLAN assignments over the wireless so I really don't see any need for MAC authentication and just see it as unneeded overhead. Is there any reason why I'm wrong with this assumption? It never hurts. You can do *both* EAP MAC auth

EAP-TLS and MAC Authentication

2010-05-14 Thread John McDonnell
to use WPA-PSK so I am looking at doing EAP-TLS. I have a test server up that I've gotten to work with EAP-TLS using the snake-oil certificates. On the AP's, there is the option of doing EAP and MAC authentication. This leads to my question. Does doing MAC authentication really accomplish anything

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2010-01-05 Thread Alan DeKok
Difan Zhao wrote: So radiusd -X won't show whether a check attribute was updated or not? No. There are a LOT of things that can happen when the server runs. It doesn't print out all of them. It’s supposed to update the “auth-type” value but nothing is shown whether the value has been

RE: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2010-01-04 Thread Difan Zhao
-users-bounces+difan.zhao=guest-tek@lists.freeradius.org [mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org] On Behalf Of Difan Zhao Sent: Wednesday, December 30, 2009 12:19 PM To: FreeRadius users mailing list Subject: RE: MAC authentication bypass --- How am I supposed to

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2010-01-04 Thread Alan DeKok
Difan Zhao wrote: To refresh your memory, I am doing MAC address authentication bypass. It looks to me that the “users” file takes precedence over “sites-available/default”. No. You are setting Auth-Type = ... in the users file, and then trying to set Auth-Type = ... *again* elsewhere.

RE: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2010-01-04 Thread Difan Zhao
Subject: Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses?? Difan Zhao wrote: To refresh your memory, I am doing MAC address authentication bypass. It looks to me that the users file takes precedence over sites-available/default

Re: Recall: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-30 Thread Alexander Clouter
Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk wrote: On 29/12/2009 14:45, Difan Zhao wrote: Difan Zhao would like to recall the message, MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??. I've often wondered what that means

RE: Recall: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-30 Thread Difan Zhao
To: freeradius-users@lists.freeradius.org Subject: Re: Recall: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses?? Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk wrote: On 29/12/2009 14:45, Difan Zhao wrote: Difan Zhao would like to recall the message

Re: Recall: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-30 Thread Arran Cudbard-Bell
-tek@lists.freeradius.org [mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org] On Behalf Of Alexander Clouter Sent: Wednesday, December 30, 2009 5:52 AM To: freeradius-users@lists.freeradius.org Subject: Re: Recall: MAC authentication bypass --- How am I supposed to

RE: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-30 Thread Difan Zhao
for MAC authentication bypass? Thanks! Policy.conf: policy { ... rewrite_calling_station_id { if(request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) { update request

RE: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-29 Thread Difan Zhao
Greetings, I hope you all had a wonderful Christmas holidays! So I continued my work this morning. It looks like it can authenticate the devices (with the certain MAC address pattern) however from the Radius -X output (which I attached here) it doesn't seem to authenticate it the way I

Recall: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-29 Thread Difan Zhao
Difan Zhao would like to recall the message, MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??.

Re: Recall: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-29 Thread Arran Cudbard-Bell
On 29/12/2009 14:45, Difan Zhao wrote: Difan Zhao would like to recall the message, MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??. I've often wondered

RE: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-29 Thread Difan Zhao
] On Behalf Of Difan Zhao Sent: Tuesday, December 29, 2009 11:09 AM To: FreeRadius users mailing list Subject: RE: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses?? Greetings, I hope you all had a wonderful Christmas holidays! So I

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-29 Thread Arran Cudbard-Bell
list *Subject:* RE: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses?? Greetings, I hope you all had a wonderful Christmas holidays! So I continued my work this morning. It looks like it can authenticate the devices

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-29 Thread Alan DeKok
Difan Zhao wrote: ... if(%{request:User-Password} == %{request:User-Name}) { Please read man unlang. It documents the accepted syntax. The example above is not correct. Alan DeKok.

RE: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-24 Thread Difan Zhao
Hey guys, So I finally started configuring this MAC auth bypass thing... I am editing the raddb/policy.conf to include the rewrite_calling_station_id function/module however when I am trying to run the radiusd -X I got this error: /etc/raddb/policy.conf[72]: Parse error in condition at:

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-24 Thread Arran Cudbard-Bell
Difan Zhao wrote: Hey guys, So I finally started configuring this *MAC auth bypass* thing... I am editing the *raddb/policy.conf* to include the *rewrite_calling_station_id* function/module however when I am trying to run the *radiusd -X* I got this error: /etc/raddb/policy.conf[72]:

RE: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-24 Thread Difan Zhao
[mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: Thursday, December 24, 2009 1:13 PM To: FreeRadius users mailing list Subject: Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-22 Thread Difan Zhao
So..., Alan suggested using unlang. I am actually reading un-language (5). If I use it, where or what file do I put your script in? =Script that Alan wrote authorise { if(%{User-Name} =~ /[0-9a-z]{12}/i

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-22 Thread tnt
Alexander, I did read the links you gave me very carefully and I guess I understand the logic... However it seems that I have to edit many files. I am new to the FreeRadius and I don't have any programming experience... Is there a document which can tell me briefly what these files are for

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-21 Thread Alexander Clouter
Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk wrote: the real answer is to get the vendors to sort their cheap shoddy kit out ;-) Ahem *Vendor :P - - Sorry I have to do it or they beat me :( dare I ask why you do not use you new 'formal' email address? ;) Cheers -- Alexander

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-21 Thread Alan Buxey
Hi, yep - but a user could just as easily log in with the user-name of 00:11:22:33:44:55 ;-) Not when you say !EAP-Message too :) ...and how does that stop, let's just say for example, some user coming along with 802.1X configured on their wired interface and logging it with

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-21 Thread Arran Cudbard-Bell
On 21/12/2009 09:15, Alan Buxey wrote: Hi, yep - but a user could just as easily log in with the user-name of 00:11:22:33:44:55 ;-) Not when you say !EAP-Message too :) ...and how does that stop, let's just say for example, some user coming along with 802.1X configured on

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-21 Thread Arran Cudbard-Bell
On 21/12/2009 09:05, Alexander Clouter wrote: Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk wrote: the real answer is to get the vendors to sort their cheap shoddy kit out ;-) Ahem *Vendor :P - - Sorry I have to do it or they beat me :( dare I ask why you do

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-20 Thread Alan Buxey
Hi, If I use AD or SQL, can I write a script to accomplish the logic I need so I don't have to type in each individual MAC as UN/PW in the database? It still sounds like I need to (for example in AD) manually input each of them in the database. Can you please give me details about how to

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-20 Thread Alexander Clouter
Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: If I use AD or SQL, can I write a script to accomplish the logic I need so I don't have to type in each individual MAC as UN/PW in the database? It still sounds like I need to (for example in AD) manually input each of them in the database. Can you

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-20 Thread Alan Buxey
Hi, some would say that is a controversial MAC address regexp, but I guess you just do things differently 'up north' eh? :) hey, it was a quick hackup example to deal with the question. 'cheese112233xxyyzzTASTY' would even match that :) yep - but a user could just as easily log in

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-20 Thread Arran Cudbard-Bell
On 20/12/2009 22:44, Alan Buxey wrote: Hi, some would say that is a controversial MAC address regexp, but I guess you just do things differently 'up north' eh? :) hey, it was a quick hackup example to deal with the question. 'cheese112233xxyyzzTASTY' would even match

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-20 Thread Alexander Clouter
Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: 'cheese112233xxyyzzTASTY' would even match that :) yep - but a user could just as easily log in with the user-name of 00:11:22:33:44:55 ;-) Not when you say !EAP-Message too :) that's why some decent stuff needs to be done elsewhere I don't

Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-19 Thread Alan Buxey
Hi, The way how it works is that (I figured it out by running debug on the switch and by using wireshark), if the supplicant device doesn’t support 802.1x, the switch (172.17.254.100) sends an access request to the freeradius server (172.17.1.1) with username and password both are the MAC

RE: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-19 Thread Difan Zhao
on behalf of Alan Buxey Sent: Sat 12/19/2009 2:34 AM To: FreeRadius users mailing list Subject: Re: MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses?? Hi, The way how it works is that (I figured it out by running debug on the switch

MAC authentication bypass --- How am I supposed to edit the users file to include multiple MAC addresses??

2009-12-18 Thread Difan Zhao
Hey experts!! I am having another dilemma here. I am trying to configure MAC authentication bypass feature on my Cisco 3750 switch to authenticate some devices which don't support 802.1x. The way how it works is that (I figured it out by running debug on the switch and by using wireshark

FreeRADIUS 2.1.6 and Cisco 802.1x MAC Authentication with mac-auth-bypass

2009-08-11 Thread Amaru Netapshaak
Hello! I am struggling with a mac-auth-bypass problem with my Cisco 6509s and my FreeRADIUS server. The 6509 sends the radius server the request, FreeRADIUS authenticates it as OK, but yet my port remains in the authfail state on the switch. Does anyone have any ideas? Here is my debug

Re: MAC Authentication

2009-06-12 Thread Steve Wu
-users@lists.freeradius.org Sent: Thursday, June 11, 2009 12:50:26 PM GMT -05:00 US/Canada Eastern Subject: Re: MAC Authentication case counts, try adding the entry in your users file with lowercase. Steve Wu wrote: Everyone - I'm being a bit brain dead most likely. I have been tinkering

Re: NAS MAC Authentication

2009-06-11 Thread Alan DeKok
Jacob Baloul wrote: I have several NAS / Hotspots installed behind a NAT. They are all WRT54GL routers with OpenWRT + Chili and authenticating against FreeRadius + DaloRadius which is NOT in this NAT. Meaning FreeRadius sees all of the WRT's as coming from the same public IP, which also

MAC Authentication

2009-06-11 Thread Steve Wu
Everyone - I'm being a bit brain dead most likely. I have been tinkering with Freeradius and MAC authentication successfully. Now I have a real server to build FR on so I proceeded to build the new server. After going through the *same* steps to build FR, duplicating the clients.conf

Re: MAC Authentication

2009-06-11 Thread Kenneth Grady
case counts, try adding the entry in your users file with lowercase. Steve Wu wrote: Everyone - I'm being a bit brain dead most likely. I have been tinkering with Freeradius and MAC authentication successfully. Now I have a real server to build FR on so I proceeded to build the new server

Re: MAC Authentication

2009-06-11 Thread Steve Wu
users mailing list freeradius-users@lists.freeradius.org Sent: Thursday, June 11, 2009 12:50:26 PM GMT -05:00 US/Canada Eastern Subject: Re: MAC Authentication case counts, try adding the entry in your users file with lowercase. Steve Wu wrote: Everyone - I'm being a bit brain dead most likely

Re: MAC Authentication

2009-06-11 Thread Ivan Kalik
I'm being a bit brain dead most likely. I have been tinkering with Freeradius and MAC authentication successfully. Now I have a real server to build FR on so I proceeded to build the new server. After going through the *same* steps to build FR, duplicating the clients.conf and users file, I

NAS MAC Authentication

2009-06-10 Thread Jacob Baloul
Hi All, I have several NAS / Hotspots installed behind a NAT. They are all WRT54GL routers with OpenWRT + Chili and authenticating against FreeRadius + DaloRadius which is NOT in this NAT. Meaning FreeRadius sees all of the WRT's as coming from the same public IP, which also happens to be dynamic.

FR Using MAC Authentication

2009-05-08 Thread Steve Wu
clients to do MAC authentication via the FR box. I have setup my users file to auth two of my test laptops: 000E35-84610A Auth-Type := Local, User-Password == esradius 00215C-08B25D Auth-Type := Local, User-Password == esradius When either tries to connect up, in the FR debug I see: rad_recv

Re: FR Using MAC Authentication

2009-05-08 Thread Kenneth Marshall
chattering with the FR box fine (I think). I want my wireless clients to do MAC authentication via the FR box. I have setup my users file to auth two of my test laptops: 000E35-84610A Auth-Type := Local, User-Password == esradius 00215C-08B25D Auth-Type := Local, User-Password == esradius

Re: FR Using MAC Authentication

2009-05-08 Thread Nicolas Goutte
box fine (I think). I want my wireless clients to do MAC authentication via the FR box. I have setup my users file to auth two of my test laptops: 000E35-84610A Auth-Type := Local, User-Password == esradius 00215C-08B25D Auth-Type := Local, User-Password == esradius Try to assign

RE: FR Using MAC Authentication

2009-05-08 Thread Tim Sylvester
=networkradius@lists.freeradius.org] On Behalf Of Steve Wu Sent: Friday, May 08, 2009 8:35 AM To: freeradius-users@lists.freeradius.org Subject: FR Using MAC Authentication Hi - I have just started tinkering with Freeradius, I built an Ubuntu 8.10 server box and installed FR -- sudo apt-get install

Re: FR Using MAC Authentication

2009-05-08 Thread Alan DeKok
Steve Wu wrote: I want my wireless clients to do MAC authentication via the FR box. I have setup my users file to auth two of my test laptops: 000E35-84610A Auth-Type := Local, User-Password == esradius 00215C-08B25D Auth-Type := Local, User-Password == esradius Those entries are wrong

Re: FR Using MAC Authentication

2009-05-08 Thread Steve Wu
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Friday, May 8, 2009 11:42:29 AM GMT -05:00 US/Canada Eastern Subject: RE: FR Using MAC Authentication Steve, Your wireless access point is sending the MAC address as the username and password. Change the username

Re: FR Using MAC Authentication

2009-05-08 Thread Ivan Kalik
Thanks Tim, that worked, although is that up to each AP manf as to what it sends? Yes. I changed the password field to match the MAC and it authenticated (I think), but I didn't get an IP. The 420 I'm using hands out an IP fine when I turn off the MAC auth and have it wide open, so it's

Re: FR Using MAC Authentication

2009-05-08 Thread Alan DeKok
Steve Wu wrote: Thanks Tim, that worked, although is that up to each AP manf as to what it sends? Pretty much. I have HP420s. I changed the password field to match the MAC and it authenticated (I think), but I didn't get an IP. So... did you run the server in debugging mode? The log

RE: Mikrotik radius-mac-authentication

2009-04-17 Thread Ivan Kalik
Of Adi_T Sent: 16 April 2009 13:39 To: freeradius-users@lists.freeradius.org Subject: Mikrotik radius-mac-authentication I'm using Freeradius to control the access to my Mikrotik APs. In the radius database I've put at the radcheck table all the mac-addresses of my clients. When I put accept
