FreeRADIUS3 Wifi MAC Authentication Failing
jjquin last edited by
I'm trying to get MAC authentication working with the FreeRADIUS3 pfSense package. I have no issues with username/password PEAP/MSCHEAPv2 authentication, but I've tried using MAC authentication on my two Brother Wireless Printers and to diagnose the issue on my Android Tablet.
Default Settings in FreeRADIUS3 pfSense Package except:
- weak EAP types disabled
- SSL CA, CRL and Server Certificate changed to those I created
- Setup Interfaces, NAS Clients, 2 Users and 3 MACs to test (with VLAN assignments)```java
- changed the log to /var/log/radius.log easier to follow (not mixed in with other System Log messages
- Tested with Empty Plain MAC Authentication enabled and disabled no difference.
NAS Client is a Unifi AP-AC-LR Access Point configured through the latest Unifi Controller Software. I have correctly setup the RADIUS profile in the Controller as user login works perfectly. I also enabled RADIUS MAC authentication with format aa-bb-cc-dd-ee-ff and Allow empty password.
On the Brother Wireless Printers the log says:
Auth: (0) Login OK: [mac address] (from client unifi_wap_lr port 0 cli mac address)
The Android Login fails with No NT/LM-Password or wrong certificate as if it's ignoring MAC authentication. I have used the mac address for the user name and the password since I had to enter something in order to be allowed to connect. I also tried with TLS with any certificate figuring the MAC authentication should bypass it.
Can anyone help me? I only have a few IoT devices and would like to have a single SSID using MAC authentication for the IoT devices and using RADIUS to assign VLAN.