Hi Phil, you were right, my config was terrible... I started over and followed the instructions from the wiki on how to set up macauth and 802.1X. Now my config looks better, but I still have the issue shown below.
It says that the MAC address is not in authorised_macs, but it is:

64-31-50-81-cb-2f
    Reply-Message = "Device with MAC Address %{Calling-Station-Id} authorized for network access"

Also, in raddb/modules/files, I added the section authorized_macs. I read the forum and consulted Google, but still struggle with this... please help.

....
Listening on authentication address 10.222.72.100 port 1812
Listening on proxy address 10.222.72.100 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.222.72.112 port 65534, id=27, length=143
    NAS-IP-Address = 100.1.1.1
    NAS-Port-Id = "1.1"
    Framed-MTU = 1024
    User-Name = "64-31-50-81-CB-2F"
    Calling-Station-Id = "64-31-50-81-CB-2F"
    Message-Authenticator = 0x4dffe7f21d146b2832db0fdb6678d135
    EAP-Message = 0x02ce00110167706f6e2d48505c67706f6e
    NAS-Identifier = "BLM12_SINGTEL"
    Ericsson-Attr-101 = 0x4552494353534f4e
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) -> TRUE
+++? if (Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) -> TRUE
+++- entering if (Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) {...}
    expand: %{1}-%{2}-%{3}-%{4}-%{5}-%{6} -> 64-31-50-81-CB-2F
    expand: %{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} -> 64-31-50-81-cb-2f
++++[request] returns ok
+++- if (Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) returns ok
+++ ... skipping else for request 0: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
[authorized_macs] expand: %{Calling-Station-ID} -> 64-31-50-81-cb-2f
++[authorized_macs] returns noop
++? if (!ok)
? Evaluating !(ok) -> TRUE
++? if (!ok) -> TRUE
++- entering if (!ok) {...}
+++[reject] returns reject
++- if (!ok) returns reject
    expand: %{User-Name}, %{Password} -> 64-31-50-81-CB-2F,
Invalid user: [64-31-50-81-CB-2F/<no User-Password attribute>] (from client be-lem-12 port 0 cli 64-31-50-81-cb-2f) 64-31-50-81-CB-2F,
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 64-31-50-81-CB-2F
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 27 to 10.222.72.112 port 65534
Waking up in 4.9 seconds.
Cleaning up request 0 ID 27 with timestamp +23
Ready to process requests.
...

--
View this message in context: http://freeradius.1045715.n5.nabble.com/webauth-and-macauth-tp5703328p5710022.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.