Cisco Aironet Access-Reject messages

David Smith david.smith at mercyships.org
Sat Apr 29 20:22:50 CEST 2006


Hi there,
 
I'm trying to use FreeRadius 1.1.1 to authenticate MAC addresses from a
Cisco Aironet 1231 wireless access point.
 
I have the perl module working, and it can compare a MAC address sent by the
access point and return the Access-Accept message and the access point is
all happy. This is done using the "return RLM_MODULE_OK" message.
 
However, returning an Access-Reject message ("return RLM_MODULE_REJECT")
just makes the access point continually keep sending Access-Request messages
every time an Access-Reject message is returned. Is this normal? I can't see
it... 
 
What I'm wanting to do is tell the access point that this MAC address is not
valid, go away until it connects again...
 
Here is the Access-Reject message that I return:

rad_recv: Access-Request packet from host 172.20.1.201:1645, id=166, length=113
        User-Name = "009096beba0c"
        User-Password = "009096beba0c"
        Called-Station-Id = "0014.693c.6250"
        Calling-Station-Id = "0090.96be.ba0c"
        Service-Type = Login-User
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 665
        NAS-IP-Address = 172.20.1.201
        NAS-Identifier = "ap1"
perl_pool: item 0x97a51b0 asigned new request. Handled so far: 3
found interpetator at address 0x97a51b0
rlm_perl: RAD_REQUEST: NAS-Port-Type = Wireless-802.11
rlm_perl: RAD_REQUEST: Service-Type = Login-User
rlm_perl: RAD_REQUEST: Calling-Station-Id = 0090.96be.ba0c
rlm_perl: RAD_REQUEST: Called-Station-Id = 0014.693c.6250
rlm_perl: RAD_REQUEST: Client-IP-Address = 172.20.1.201
rlm_perl: RAD_REQUEST: User-Name = 009096beba0c
rlm_perl: RAD_REQUEST: NAS-Identifier = ap1
rlm_perl: RAD_REQUEST: User-Password = 009096beba0c
rlm_perl: RAD_REQUEST: NAS-Port = 665
rlm_perl: RAD_REQUEST: NAS-IP-Address = 172.20.1.201
rlm_perl: Added pair Password-Retry = 0
rlm_perl: Added pair Reply-Message = Sorry, no authentication
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0x97a51b0
Sending Access-Reject of id 166 to 172.20.1.201 port 1645
        Reply-Message = "Sorry, no authentication"

As you can see, I've added the Password-Retry option, but to no avail...
 
Can anyone shed any light on this?
 
Thanks,
Dave Smith
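
An added illustration, not part of the original post and not FreeRADIUS's own code: a minimal rlm_perl authorize handler of the kind the message describes, which normalizes the Cisco dotted Calling-Station-Id seen in the debug output and returns RLM_MODULE_OK or RLM_MODULE_REJECT. The allowlist, the normalize_mac helper, the check that User-Name and Calling-Station-Id agree, and the --selftest switch are assumptions; the return codes follow the example.pl shipped with rlm_perl.

```perl
use strict;
use warnings;

# rlm_perl fills these hashes before it calls the handler.
our (%RAD_REQUEST, %RAD_REPLY, %RAD_CHECK);

# Return codes as defined in the example.pl shipped with rlm_perl.
use constant RLM_MODULE_REJECT => 0;
use constant RLM_MODULE_OK     => 2;

# Constructed allowlist (hypothetical); keys are 12 lowercase hex digits.
my %ALLOWED_MAC = map { $_ => 1 } qw(009096beba0c);

# Reduce "0090.96be.ba0c", "00:90:96:BE:BA:0C" or "009096beba0c" to one form.
sub normalize_mac {
    my ($raw) = @_;
    return unless defined $raw;
    (my $hex = lc $raw) =~ s/[.:\-\s]//g;
    return $hex =~ /\A[0-9a-f]{12}\z/ ? $hex : undef;
}

sub authorize {
    my $station = normalize_mac($RAD_REQUEST{'Calling-Station-Id'});
    my $user    = normalize_mac($RAD_REQUEST{'User-Name'});

    # Reject malformed input, requests whose two MAC fields disagree
    # (assumed policy), and MACs that are not on the allowlist.
    if (!defined $station || !defined $user || $station ne $user
        || !$ALLOWED_MAC{$station}) {
        $RAD_REPLY{'Reply-Message'} = 'Sorry, no authentication';
        return RLM_MODULE_REJECT;
    }
    return RLM_MODULE_OK;
}

# Runs only as "perl thisfile.pl --selftest"; the attribute values are
# constructed from the debug log quoted in the message.
if (@ARGV && $ARGV[0] eq '--selftest') {
    %RAD_REQUEST = ('User-Name'          => '009096beba0c',
                    'Calling-Station-Id' => '0090.96be.ba0c');
    print 'known MAC:   ', authorize(), "\n";
    %RAD_REQUEST = ('User-Name'          => '001122334455',
                    'Calling-Station-Id' => '0011.2233.4455');
    print 'unknown MAC: ', authorize(), "\n";
}
1;
```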
 