FreeRADIUS3 Wifi MAC Authentication Failing



  • I'm trying to get MAC authentication working with the FreeRADIUS3 pfSense package. I have no issues with username/password PEAP/MSCHAPv2 authentication, but I've tried using MAC authentication on my two Brother Wireless Printers and to diagnose the issue on my Android Tablet.

    Configuration
    Default Settings in FreeRADIUS3 pfSense Package except:

    • weak EAP types disabled
    • SSL CA, CRL and Server Certificate changed to those I created
    • Set up Interfaces, NAS Clients, 2 Users and 3 MACs to test (with VLAN assignments)
    • changed the log to /var/log/radius.log, easier to follow (not mixed in with other System Log messages)
    • Tested with Empty Plain MAC Authentication enabled and disabled, no difference.

    NAS Client is a Unifi AP-AC-LR Access Point configured through the latest Unifi Controller Software. I have correctly set up the RADIUS profile in the Controller as user login works perfectly. I also enabled RADIUS MAC authentication with format aa-bb-cc-dd-ee-ff and Allow empty password.

    On the Brother Wireless Printers the log says:

    Auth: (0) Login OK: [mac address] (from client unifi_wap_lr port 0 cli mac address)
    

    The Android Login fails with No NT/LM-Password or wrong certificate as if it's ignoring MAC authentication. I have used the mac address for the user name and the password since I had to enter something in order to be allowed to connect. I also tried with TLS with any certificate figuring the MAC authentication should bypass it.

    Can anyone help me? I only have a few IoT devices and would like to have a single SSID using MAC authentication for the IoT devices and using RADIUS to assign VLAN.

    Thanks

    Jay Quin