On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote: > As you can see, the device wasn't listed in the file, the authentication > went fine, saying that the tunnel that I should get has ID 40, but that > wasn't overwritten by the authorized_macs check...
Add DEFAULT Auth-Type := Reject to the bottom of your authorized_macs file. You might as well move the mac address check up above eap in the authorize section. There's no point going through all the eap processing if you're just going to reject afterwards based on something that could easily have been done first. Cheers Matthew -- Matthew Newton, Ph.D. <m...@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html