FreeRadius For MAC Authentication On Netgear Wireless Access Points - Spiceworks

4/5/2019 FreeRadius for MAC authentication on Netgear wireless access points - Spiceworks
Home > Networking > Wireless > How-tos
How to: FreeRadius for MAC authentication on Netgear wireless

access points
Keith - Randox
Jan 31, 2013 2 Minute Read
Spice (5)
Reply (4)
Subscribe
Share
How to use the freely available FreeRadius software as an authentication source for MAC address filtering on
Netgear wireless access points.
Its NOT a high security solution but a simple way of preventing casual connections from unwanted devices. It
wont stop a determined attack.
It uses the windows build of freeradius for a quick, simple install. For larger, more demanding environments,
you may want to look at the linux build and set up on a dedicated linux box. All the configurations you create
here should be useful if/when you move across to linux.
6 Steps total
Step 1: Download and install FreeRadius
I used the windows build of FreeRadius available at http://freeradius.net/
Download the package and install on a Windows XP (may work on server 2003) computer
Step 2: Configure the clients.conf file

Using the FreeRadius control panel, open the clients.conf file and save a backup copy of it. Delete all the
contents and enter a list of your wireless APs in the following format:
client 192.168.2.54 {
ipaddr=192.168.2.54
secret=ItsABigSecret
shortname=officeAP
nastype=other
}
Repeat for all the APs and save the file.
Step 3: Configure the users.conf file

Using the FreeRadius control panel, open the users.conf file and save a backup copy of it. Delete all the
contents and enter a list of your allowed mac addresses in the following format:
0000000000a Auth-Type := Local, User-Password == "0000000000a"

0000000000b Auth-Type := Local, User-Password == "0000000000b"
0000000000c Auth-Type := Local, User-Password == "0000000000c"
etc
Make sure the mac addresses are in lower case and have no seperators
Step 4: Restart the FreeRadius service

Right click on the freeradius control panel icon and select "Restart freeradius.net service"
This is needed as the service only reads the config files when it starts.
https://community.spiceworks.com/how_to/24627-freeradius-for-mac-authentication-on-netgear-wireless-access-points 1/4
Step 5: Configure the APs to point to the radius

server
Enter the IP address and leave the port number as standard. Make sure the port is open on the machine you
are using as the server.
Under the MAC filtering section, select to use the radius server as the authentication source.
Pick whatever wireless security profile you need to use (WPA, WEP etc) and configure the shared key.
Step 6: Connect a wireless client to the AP

Thats it! just point your client to the SSID, enter the key and if the MAC is on the users.conf list, it will be
allowed to connect.
You can check the log files in the var folder on the server to see allowed/failed connections.
Hope this helps anyone who has gone mad (like me) having to update dozens of MAC lists manually. You will
now have a central MAC list for all your APs
Related Discussion Groups:

Wireless
Follow
Keith Lawrence
Keith - Randox21 years in IT
607
Contributions
64
Helpful Posts
Main Areas of Contribution:

General Networking |
Microsoft Exchange |
Virtualization |
VMware |
Spiceworks General Support
4 Comments
leif2251 Jan 31, 2013 at 10:06am

Cool, very helpful
eh.my.79 Feb 19, 2013 at 3:14am

excellent short article ,easy to understand,thanks bro ,even struggling with FreeRadius web page for 2 days
you wont find such a simple explanation.thanks bro once again.
Jon7515 Jun 27, 2013 at 11:44am

Does this still work? I have followed the guide but when I try and connect the wireless client I get a popup
for EAP/TTLS requesting username and password.
I have also tried to configure this on Linux which seems to require a different method to set up and got to a
point where the MAC address is accepted but I still get this EAP / TTLS prompt.
Could it be my access point? What access points are you using?
RoboOx
This person is a verified professional.
Verify your account to enable IT peers to see that you are a professional.
Nov 26, 2013 at 10:52am
I like the look of this, but can't seem to get it to work. I have no idea why.
Add your comments on this How-to! Join the IT Network or Login.
Back to Top
Read these next...
Load More

FreeRadius For MAC Authentication On Netgear Wireless Access Points - Spiceworks

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

FreeRadius For MAC Authentication On Netgear Wireless Access Points - Spiceworks

Enviado por

Direitos autorais:

Formatos disponíveis

4/5/2019 FreeRadius for MAC authentication on Netgear wireless access points - Spiceworks

Home > Networking > Wireless > How-tos

How to: FreeRadius for MAC authentication on Netgear wireless

Step 2: Configure the clients.conf file

Repeat for all the APs and save the file.

Step 3: Configure the users.conf file

0000000000a Auth-Type := Local, User-Password == "0000000000a"

Step 4: Restart the FreeRadius service

Step 5: Configure the APs to point to the radius

Step 6: Connect a wireless client to the AP

Related Discussion Groups:

Main Areas of Contribution:

leif2251 Jan 31, 2013 at 10:06am

eh.my.79 Feb 19, 2013 at 3:14am

Jon7515 Jun 27, 2013 at 11:44am

Could it be my access point? What access points are you using?

Add your comments on this How-to! Join the IT Network or Login.

Read these next...

Você também pode gostar