We are a WISP, we have freeRadius running with mySQL. The NASs that currently use RADIUS (SmartBridge XOs) transmit the CPE's MAC address as both UserName and Password. We have new and better NASs (MikroTik) that transmit the CPE's mac address as the UserName, but with a "null" password. What we want is "simple" - for both NASs to validate off of RADIUS. BUT because of the difference in Passwords, the same entry in RadCheck won't do it.
I'm just guessing that the reason that the NAS itself is trying to authenticate is to have it download some configuration items via radius in the access-accept.
Maybe you should question the fact that your NASes aren't able to identify themselves.
If I knew one of the MACs, I could get authenticated at your radius or even worse, I could just try until I find a correct MAC address.
Maybe there's no issue in security, but in my opinion... what you're trying to do doesn't look like anything smart.
Try to understand what's wrong in your design and figure out a solution, even if it means replacing several devices (you say you're a WISP, so you should go for solid things, maybe by getting features from your device manufacturer).
-- Regards,
Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 Bestel nu uw exemplaar van Operationele verkoop (Walter Spruyt - Liesbeth Huysmans) via www.salesguide.be Ontdek de Telenet Hotspot service op www.telenet.be/hotspots
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
