> >rad_recv: Access-Request packet from host 10.10.10.139:6001, id=7, >length=115 > > User-Name = "00-18-de-4e-8f-1d" > > User-Password = "secret" > > NAS-IP-Address = x.x.x.139 > > Called-Station-Id = "00-20-a6-64-66-a3:A" > > Calling-Station-Id = "00-18-de-4e-8f-1d" > > NAS-Port = 2 > > NAS-Port-Type = Wireless-802.11 > >I have this entry in my users file : > >00-18-de-4e-8f-1d Auth-Type:=Local, User-Password == "secret" > > > >Is this correct(right) way to control MAC addresses thought radius? >
This will work fine considering that mac address will not be used for mschap eap etc. Correct way is not to use Auth-Type and use Cleartext-Password with := as operator (if this is a recent Freeradius version). > > >Another question is : what is correct way to separate two types(MAC&PEAP) of >requests to radius server? > There is nothing to do. mac auth wil be a pap request (like the one you posted) and peap will be an eap request. So, your AP will do that for you. > > >At this moment I have situation when my MAC request tries to authorize >thought LDAP and only afterward looks in users file. > Upgrade to 2.0.2. Than you can process pap and eap requests differently. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
