Freeradius - 802.1x lan auth



  • Has anybody successfully set this up? I'm looking for my clients to authenticate via MAC on the LAN rather than domain\username.
    My switch is talking to FreeRADIUS but I'm unsure how to get my clients (Windows/nix) authenticated via MAC.



  • 1.) freeradius -> settings -> enable "Plain MAC_auth" (then freeradius checks the "Calling-Station-ID" sent from your NAS to freeradius)
    2.) freeradius -> MACs (enter the hosts' MAC addresses here)
    3.) freeradius -> clients (enter the NAS/Switch here)
    4.) freeradius -> Interfaces (set up the interface on which freeradius should listen or choose "*" for all interfaces)

    check this:
    http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#HOW-TO_-_FreeRADIUS_General_Configuration



  • I've got it going with my WAP and with another WAP with captive portal, so not a problem setting it up etc.
    I think it may be the way a Windows PC presents its credentials, i.e. username rather than MAC.
    From what I understand, I may have to create MAC users within AD.



  • Are you running two WAPs in WDS repeater mode?
    If so you might have problems with MAC auth.
    I've tested it with a direct LAN connection and through a router.
    Radius users are the LAN NIC MAC on one PC and the WAN MAC of the router. Everything on the router has access.
    If you're using an AP as a client wired to another PC, I would try adding the AP's MAC in the pass-through MAC or its IP in allowed IPs.



  • Hi,
    the WAPs are on two separate sites. Both WAPs are HP ProCurves. One is set for RADIUS authentication and the other (on a separate site) utilises RADIUS with the captive portal.
    Both work well. It's the physical LAN clients (specifically Windows laptops) that I need to look at.



  • Some NAS do a "fake" MAC-Auth. They put the MAC address of the host as username and password.
    If that's the case then you need to add this "user" in freeradius -> users
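
The thread describes three ways a wired client can show up at the RADIUS server: the switch sends the MAC as both username and password, the switch sends the MAC only in Calling-Station-Id, or the Windows supplicant sends domain\username. The following is an added example, not code from any poster or from the pfSense package, that tells these cases apart from the decoded attributes of an Access-Request; the function names, result labels and sample requests are constructed for illustration.

```python
import re

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address."""
    digits = re.sub(r"[-:.\s]", "", value or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def classify_request(attrs):
    """Classify one Access-Request given as a dict of attribute -> string."""
    station = normalize_mac(attrs.get("Calling-Station-Id"))
    user = normalize_mac(attrs.get("User-Name"))
    password = normalize_mac(attrs.get("User-Password"))
    if station is None:
        return "no-station-mac"          # nothing to compare with the MAC list
    if user is None:
        return "user-login"              # supplicant sent a real username
    if user != station:
        return "mac-mismatch"            # User-Name is a MAC, but not the caller's
    if password == station:
        return "nas-mac-as-credentials"  # needs a matching entry under users
    return "mac-username-only"           # MAC as name, no MAC password seen

def users_entry(attrs):
    """For the MAC-as-credentials case, return (name, password) exactly as the
    NAS sent them, so the users entry can be typed in the same format."""
    if classify_request(attrs) != "nas-mac-as-credentials":
        return None
    return attrs["User-Name"], attrs["User-Password"]

# Constructed sample requests (hypothetical values, not captured traffic).
SAMPLES = [
    {"User-Name": "001a2b3c4d5e", "User-Password": "001a2b3c4d5e",
     "Calling-Station-Id": "00-1A-2B-3C-4D-5E"},
    {"User-Name": "CORP\\alice", "Calling-Station-Id": "00:1a:2b:3c:4d:5e"},
    {"User-Name": "001a.2b3c.4d5e", "Calling-Station-Id": "00-1A-2B-3C-4D-5E"},
    {"User-Name": "aabbccddeeff", "User-Password": "aabbccddeeff",
     "Calling-Station-Id": "00-1A-2B-3C-4D-5E"},
]

def classify_all(requests):
    return [classify_request(r) for r in requests]

if __name__ == "__main__":
    for req, kind in zip(SAMPLES, classify_all(SAMPLES)):
        print(f"{kind:24} {req.get('User-Name')}")
```

A "user-login" result on a switch port is the situation suspected earlier in the thread: the Windows supplicant is presenting a username, so the MAC list is never consulted for that request.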

