There is a new version of the free CoovaAAA service now running. You are now able to selectively configure your account in general, and then specific devices, for MAC Address Authentication! Of course, this only works with supported access controllers and configurations - so, for only CoovaChilli (or ChilliSpot) and WiFiDog captive portals solutions - possibly others. This feature does not work for WPA Enterprise, and not needed as most clients will likely auto-connect with your configured account information.
How to configure for MAC Authentication
When logged into https://coova.org/, edit your Security Preferences to include Allow MAC Authentication, as shown below:
Only if this user-level option is set will any device owned by the you be allowed to authenticate automatically.
Configuring your device
You may already have some devices associated with your account. Find your device which you added by logging in, using WPA or embedded captive portal configured for coova.org AAA, at least once before.
Click on edit and then select the Allow MAC Authentication option. Setting this option means that your device will auto-authenticate using RADIUS at hotspots configured to perform MAC authentication with CoovaAAA services.
You can’t currently add client devices manually. That is a big limitation, I know, but some thought is required to prevent abuse. True, you can spoof RADIUS, but don’t want to make it easy to harvest arbitrary MAC addresses. It requires some thought and anti-abuse measures. Suggestions, comments, and help requests are welcomed.
Note: Using this feature, of course, does not improve your account security! But, for many, a risk they are willing to take for the convenience.