Isn't it possible without a password? In the current situation I only add a MAC address to an access point and the client can connect to it. Because of many access points this task should be done by the RADIUS-server for all access points. So every access point should forward the authentification request from the client to the RADIUS-server. This server should check if the clients MAC address is allowed and then send back the result to the access point.
F. Niedernolte -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Alan DeKok Gesendet: Mittwoch, 22. Oktober 2008 10:56 An: FreeRadius users mailing list Betreff: Re: AW: MAC authentification [EMAIL PROTECTED] wrote: > So a simple entry like > > User42 MAC := "02:01:02:03:04:05" > > in the users file would be enough!? No. I mentioned the "User-Name" attribute, not the "MAC" attribute. Do you see the "MAC" attribute in the RADIUS packet? Does reading the "man" page for the "users" file lead you to believe that an entry like above will do *anything*? What I said was this: "MAC authentication" is nearly always just normal username/password authentication. If you can configure username/password authentication, you can configure MAC authentication. Just give the "users" names that match the MAC addresses in the Access-Request, and be sure that the "passwords" match the User-Password field in the Access-Request. It would help to *look* at an Access-Request for MAC authentication, and forget that it's something magic called "MAC authentication". Instead, figure out how you would get this user authenticated in normal user authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
