Page 1 of 1

FreeRadius auth by MAC address

Posted: Wed Jun 13, 2007 10:47 pm
by transporter_ii
I've searched the Net over for this one. I have a working FreeRadius server, but only PAP & user name / password logins on a hotspot. When I follow the Mikrotik "how-to's" on authorizing by MAC, my auth attempts fail every time. The MT wiki states this:
To authorize associations on an AP interface, first set up a RADIUS server with "Wireless" enabled, then you simply need to set "radius-mac-authentication=yes" in the security profile for the AP. You can do this through winbox by going to the Wireless->Security Profiles tab, double clicking your profile and ticking the "RADIUS MAC Authentication" box. Mikrotik will submit the MAC address as the username in the format 00:11:22:33:44:55 with a blank password. Since Mikrotik submits a blank password, you will need to keep this in mind when developing your security systems.
I did all of that...but the problem is, I can't get FreeRadius to authenticate when there isn't a password. With NtRadPing, I can get an accept if I add a password. Without the password it is rejected.

If anyone could show me how they set that up in their FreeRadius user's file with no password, it would be much appreciated. Can't find any examples anywhere. I'm on my second day straight of working on this, and would be happy if I could get this last little thing working.

Thanks,

Re: FreeRadius auth by MAC address

Posted: Thu Aug 02, 2007 12:27 am
by Seccour
I had built such a setup a while ago but abandoned it due to some problems that hotspot had with retarded consumer routers. This was all done pre 2.9.40 So I don't know what changes have been made to possibly help me with the problems I had. Do a search on the forum for my username and i'll get the threads on some of the problems I had with it.

I was using a sql to store my users, but here is how i had it setup in that, its pretty close to what the users file would resemble with just its own formatting :

00:14:BF:2D:1A:F6 User-Password :=

I remember a when i was setting this up I had the same problem, but its been over a year so I couldn't tell ya what happened on my resolution. I also recall reading some strange radius related behavior where radius would always send a authenticate-accept reply regardless if the password was correct or not. I would post a sample user conf you are using, as well as turn on the logging for radius in the MT and post what it says. I remember using that heavily when I built my system.

;)