There is a new version of the free CoovaAAA service now running. You are now able to selectively configure your account in general, and then specific devices, for MAC Address Authentication! Of course, this only works with supported access controllers and configurations - so, for only CoovaChilli (or ChilliSpot) and WiFiDog captive portals solutions - possibly others. This feature does not work for WPA Enterprise, and not needed as most clients will likely auto-connect with your configured account information.

How to configure for MAC Authentication

When logged into https://coova.org/, edit your Security Preferences to include Allow MAC Authentication, as shown below:

[img_assist nid=335 title= desc= link=none align=center width=516 height=169]

Only if this user-level option is set will any device owned by the you be allowed to authenticate automatically.

Configuring your device

You may already have some devices associated with your account. Find your device which you added by logging in, using WPA or embedded captive portal configured for coova.org AAA, at least once before.

[img_assist nid=337 title= desc= link=none align=center width=466 height=251]

Click on edit and then select the Allow MAC Authentication option. Setting this option means that your device will auto-authenticate using RADIUS at hotspots configured to perform MAC authentication with CoovaAAA services.

[img_assist nid=339 title= desc= link=none align=center width=366 height=132]

You can’t currently add client devices manually. That is a big limitation, I know, but some thought is required to prevent abuse. True, you can spoof RADIUS, but don’t want to make it easy to harvest arbitrary MAC addresses. It requires some thought and anti-abuse measures. Suggestions, comments, and help requests are welcomed.

Note: Using this feature, of course, does not improve your account security! But, for many, a risk they are willing to take for the convenience.