Yes, I aim not to install hotfix in Windows XP client. My main purpose is to check valid MAC address of every Wireless Device (with Windows XP SP2). Based on "radiusd -X" log in my previous email, I tried to conclude that even in Authorization phase, calling-station-id has been validated to be match with MAC address data in SQL db. In this case, I don't need further Authentication phase.
However, I dont know how to configure radius server to ignore authentication phase. Is there any idea for me to follow? thanks in advance. On Fri, Aug 8, 2008 at 12:44 PM, Alan DeKok <[EMAIL PROTECTED]> wrote: > Ramot Lubis wrote: >> Hi, I'm trying to implement FreeRadius to authenticate Wireless >> CLient based on MAC address only, unfortunately all my wireless client >> using EAP/TLS (Windows XP SP2) . I found that tutorials and doc are >> not leading me to the right direction. > > Could you explain? > >> Besides, I will not burden my >> Windows XP SP2 client to search hotfix for EAP/TLS compatibility with >> FreeRadius. > > Does that mean you won't be installing the hotfix? If so, it's likely > that XP may not work. And it's not "compatibility with FreeRADIUS", > it's "following the standards". FreeRADIUS works with every other > supplicant that exists. Microsoft keeps breaking their supplicants with > new releases of their OS, and *every* RADIUS server has to change in > order to "be compatible". > >> After digging more, I realize that Authorization using checkval module >> is enough to verified valid MAC address from Wireless Client. > > I would not use the checkval module. Try using another module. > >> But my >> question is how can I use only Authorization where Authentication will >> always return Access-Accept. > > You can do MAC address checking in the "authorization" stage. > >> Here is my radiusd -X output: > ... >> EAP-Message = >> 0x0201002201504944454c2d3343354233304539435c41646d696e6973747261746f72 >> Message-Authenticator = 0x891b437263cd48909255484bb081c823 > ... >> auth: No authenticate method (Auth-Type) configuration found for the >> request: Rejecting the user >> auth: Failed to validate the user. > > You edited the default configuration and broke it. Don't do that. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
