Radius MAC authentication (not working as expected)

Home Page Forums Network Management RADIUS 802.1x and Captive Portal Radius MAC authentication (not working as expected)

This topic contains 1 reply, has 0 voices, and was last updated by  jstrebel 4 years, 2 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #43996

    jstrebel
    Member

    Hello,
    up to now I have not managed to make MAC Address authentication to work as I whish. The used AP’s have a function which is called “Radius MAC authentication”.

    Setup:
    Two AP’s are connected to ZEROSHELL with Radius authentication enabled. This AP’s have a Captive Portal function where users need to enter name and password.

    I login successfully at the first AP. Then I move to the second AP, the system asks me again to enter name and password. I expect that I do not to login again. But I need to enter name and password again. After this I can move back and forward without reauthentication.

    This the Radius request from the first AP I see in ZS:
    Called-Station-Id = “00:0d:b9:33:b3:fd”
    Calling-Station-Id = “10:40:f3:b8:c4:d8”

    This the Radius request from the second AP I see in ZS:
    Called-Station-Id = “00:00:24:cf:bc:c9”
    Calling-Station-Id = “10:40:f3:b8:c4:d8”

    What do I need to change (configure) in ZS to enable that users need only to authenticate once, and then they get access on all AP’s which are connected to the same ZS?
    Thank you for your help in advance Jakob

    #53394

    jstrebel
    Member

    Hi, I spent more hours to find the root cause, no success.

    I have attached a log file. In this log file I see that the Radius Server does not recognize the MAC address which I expect to be recognized as “User”

    User-Name = “ac:cf:5c:be:45:98”
    I have also tried to change DEFAULT Simultaneous user to 2 in /raddb/user file without success.

    Thank you for your help. Jakob
    Link to the Log file: http://goo.gl/8xQpVL

    #53395

    imported_fulvio
    Participant

    On my opinion the RADIUS server works correctly. The issue is that the captive portal working on the access points are not communicating with each other the authentication result. Any AP works standalone. Instead you should use e Wireless LAN Controller that coordinates your AP activities. In alternative you can use the captive portal of Zeroshell instead of the captive portal embedded in the AP.

    Regards
    Fulvio

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.