FreeRADIUS3 Wifi MAC Authentication Failing

  • I'm trying to get MAC authentication working with the FreeRADIUS3 pfSense package. I have no issues with username/password PEAP/MSCHAPv2 authentication, but I've tried using MAC authentication on my two Brother Wireless Printers and to diagnose the issue on my Android Tablet.

    Default Settings in FreeRADIUS3 pfSense Package except:

    • weak EAP types disabled
    • SSL CA, CRL and Server Certificate changed to those I created
    • Set up Interfaces, NAS Clients, 2 Users and 3 MACs to test (with VLAN assignments)
    • changed the log to /var/log/radius.log so it is easier to follow (not mixed in with other System Log messages)
    • Tested with Empty Plain MAC Authentication enabled and disabled; no difference.

    NAS Client is a Unifi AP-AC-LR Access Point configured through the latest Unifi Controller Software. I have correctly set up the RADIUS profile in the Controller as user login works perfectly. I also enabled RADIUS MAC authentication with format aa-bb-cc-dd-ee-ff and Allow empty password.

    On the Brother Wireless Printers the log says:

    Auth: (0) Login OK: [mac address] (from client unifi_wap_lr port 0 cli mac address)

    The Android Login fails with No NT/LM-Password or wrong certificate as if it's ignoring MAC authentication. I have used the mac address for the user name and the password since I had to enter something in order to be allowed to connect. I also tried with TLS with any certificate figuring the MAC authentication should bypass it.

    Can anyone help me? I only have a few IoT devices and would like to have a single SSID using MAC authentication for the IoT devices and using RADIUS to assign VLAN.


    Jay Quin