Troubel with Cisco Aironet 1130 and MAC authentication

Christoffer Dahl Petersen cdp at trynix.dk
Mon Sep 18 15:33:01 CEST 2006 

Hi!

I'm trying to get a Cisco Aironet 1130 to do MAC authentication with
freeradius and a pgsql as backend.
I Have made my own table in the pgsql witch looks like this:
radius=> select * from maskiner;
 mid |    mnavn     |       mmac         |  mpwd  |  mattr   | mop
-----+--------------+-------------------+------------+-----------+----------+--------+
   9 | 0016cf0157f8 | 0016cf0157f8      | radius | Password | ==  |

where mnavn is the name of the machine, mmac is the MAC of the machine,
mpwd is a password field, mattr is the attribute field, mop is the
operator.

I have tried with an Avaya AP, and it works fine.
Here is the authorize table:
authorize_check_query = "SELECT mid, mmac, mattr, mpwd, mop \
   FROM maskiner WHERE LOWER(mmac) = LOWER('%{SQL-User-Name}') ORDER BY
mid"

Here is the authenticate table:
authenticate_query = "select mpwd from maskiner where mmac =
'%{User-Name}'";

Here is the output from freeradius:
rad_recv: Access-Request packet from host 192.168.250.28:6001, id=3,
length=112
        User-Name = "0016cf0157f8"
        User-Password = "radius"
        NAS-IP-Address = 192.168.250.28
        Called-Station-Id = "00-20-a6-59-ce-93:GandrupII"
        Calling-Station-Id = "00-16-cf-01-57-f8"
        NAS-Port = 0
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: query: SELECT mid, mmac, mattr, mpwd, mop    FROM
maskiner
  WHERE LOWER(mmac) = LOWER('0016cf0157f8') ORDER BY mid
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): Released sql socket id: 4
Login OK: [0016cf0157f8/radius] (from client Demo port 0 cli
00-16-cf-01-57-f8)
Sending Access-Accept of id 3 to 192.168.250.28:6001

Now since the Cisco AP is sending the User-Name and User-Password in
another format we have change freeradius configuration.
Here is the authorize table:
authorize_check_query = "SELECT mid, mmac, mattr, mmac, mop FROM
maskiner \
   WHERE LOWER(mmac) = LOWER('%{SQL-User-Name}') ORDER BY mid"

Here is the authenticate table:
authenticate_query = "select mmac from maskiner where mmac =
'%{User-Name}'";

Here is the output from freeradius:
rad_recv: Access-Request packet from host 192.168.250.35:1645, id=148,
length=115
        User-Name = "0016cf0157f8"
        User-Password = "0016cf0157f8"
        Called-Station-Id = "0017.0f84.8af0"
        Calling-Station-Id = "0016.cf01.57f8"
        Service-Type = Login-User
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 531
        NAS-IP-Address = 192.168.250.35
        NAS-Identifier = "AP-07"
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: query: SELECT mid, mmac, mattr, mmac, mop    FROM
maskiner
  WHERE LOWER(mmac) = LOWER('0016cf0157f8') ORDER BY mid
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): No matching entry in the database for request from user
[0016cf0157f8]
rlm_sql (sql): Released sql socket id: 4
Login incorrect: [0016cf0157f8/0016cf0157f8] (from client Demo port 531
cli
0016.cf01.57f8)

Why won't it work with the Cisco, does it use another dictionary or.... 

Any help is appreciated!!

Thanks in advance,

Christoffer 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060918/cbe573b8/attachment.html>

More information about the Freeradius-Users mailing list