Hi all,
I'm using freeradius 1.0.0-pre3 to authenticate users with 802.1x
eap/tls. I would like to allow authentication only from some special
MAC addresses, regardless if the certificate is valid or not.
The switch/ap provides the MAC address in "Calling-Station-ID".
My users file looks like this:
DEFAULT Calling-Station-Id == "00-c0-4f-0f-42-11", Auth-Type := TLS
Service-Type = Framed-User
But the Calling-Station-ID attribute seems to be ignored.
I would also like to restrict a user to use LEAP only:
user99 Auth-Type := EAP, User-Password == "test", EAP-Type := LEAP
Service-Type = Framed-User
This does not work either, he can still use MD5.
Where are my mistakes?
Dietmar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
