Troubel with Cisco Aironet 1130 and MAC authentication

To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Subject: Troubel with Cisco Aironet 1130 and MAC authentication
From: Christoffer Dahl Petersen <cdp@trynix.dk>
Date: Mon, 18 Sep 2006 15:33:01 +0200
Reply-to: cdp@trynix.dk, FreeRadius users mailing list <freeradius-users@lists.freeradius.org>

Hi!

I'm trying to get a Cisco Aironet 1130 to do MAC authentication with freeradius and a pgsql as backend.
I Have made my own table in the pgsql witch looks like this:
radius=> select * from maskiner;
mid |    mnavn     |       mmac         | mpwd | mattr   | mop
-----+--------------+-------------------+------------+-----------+----------+--------+
   9 | 0016cf0157f8 | 0016cf0157f8      | radius | Password | == |

where mnavn is the name of the machine, mmac is the MAC of the machine, mpwd is a password field, mattr is the attribute field, mop is the operator.

I have tried with an Avaya AP, and it works fine.
Here is the authorize table:
authorize_check_query = "SELECT mid, mmac, mattr, mpwd, mop \
   FROM maskiner WHERE LOWER(mmac) = LOWER('%{SQL-User-Name}') ORDER BY mid"

Here is the authenticate table:
authenticate_query = "select mpwd from maskiner where mmac = '%{User-Name}'";

Here is the output from freeradius:
rad_recv: Access-Request packet from host 192.168.250.28:6001, id=3, length=112
        User-Name = "0016cf0157f8"
        User-Password = "radius"
        NAS-IP-Address = 192.168.250.28
        Called-Station-Id = "00-20-a6-59-ce-93:GandrupII"
        Calling-Station-Id = "00-16-cf-01-57-f8"
        NAS-Port = 0
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: query: SELECT mid, mmac, mattr, mpwd, mop    FROM maskiner
WHERE LOWER(mmac) = LOWER('0016cf0157f8') ORDER BY mid
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): Released sql socket id: 4
Login OK: [0016cf0157f8/radius] (from client Demo port 0 cli 00-16-cf-01-57-f8)
Sending Access-Accept of id 3 to 192.168.250.28:6001

Now since the Cisco AP is sending the User-Name and User-Password in another format we have change freeradius configuration.
Here is the authorize table:
authorize_check_query = "SELECT mid, mmac, mattr, mmac, mop FROM maskiner \
   WHERE LOWER(mmac) = LOWER('%{SQL-User-Name}') ORDER BY mid"

Here is the authenticate table:
authenticate_query = "select mmac from maskiner where mmac = '%{User-Name}'";

Here is the output from freeradius:
rad_recv: Access-Request packet from host 192.168.250.35:1645, id=148, length=115
        User-Name = "0016cf0157f8"
        User-Password = "0016cf0157f8"
        Called-Station-Id = "0017.0f84.8af0"
        Calling-Station-Id = "0016.cf01.57f8"
        Service-Type = Login-User
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 531
        NAS-IP-Address = 192.168.250.35
        NAS-Identifier = "AP-07"
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: query: SELECT mid, mmac, mattr, mmac, mop    FROM maskiner
WHERE LOWER(mmac) = LOWER('0016cf0157f8') ORDER BY mid
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): No matching entry in the database for request from user [0016cf0157f8]
rlm_sql (sql): Released sql socket id: 4
Login incorrect: [0016cf0157f8/0016cf0157f8] (from client Demo port 531 cli
0016.cf01.57f8)

Why won't it work with the Cisco, does it use another dictionary or....

Any help is appreciated!!

Thanks in advance,

Christoffer

Previous by Date: Re: rlm_perl link error
Next by Date: Re: FEERADIUS and SUN Directory server groups
Previous by Thread: Re: testing freeRadius
Next by Thread: ULTRA IMPORTANT! Proxy - Assertion failed in listen.c, line 558 error
Freeradius-Users September 2006 archives indexes sorted by: [ thread ] [ subject ] [ author ] [ date ]
Freeradius-Users list archive Table of Contents
More information about the Freeradius-Users mailing list

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.