Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login



Alan DeKok wrote:
> Andreas Wetzel wrote:
>> Did anybody notice that hostapd *always* sends a NAS-Port with a value of 0
>> for *any* connected station? This happens for me with the hostapd 0.4.8
>> included with FreeBSD 6.2, as well as with hostapd 0.5.8. And it is presumably
>> the reason why I cannot seem to get radwho to function properly. The radutmp
>> module seems to use a combination of NAS-Identifier and NAS-Port to
>> differentiate its records. When station-B associates to the AP, the radutmp
>> record for station-A gets overwritten :-(
>
>   Many APs do something similar.  Since the connection between the end
> host and the AP is wireless, there's no physical port for them to
> connect to.  So there's no physical port to report to the RADIUS server.

Yes, but in the case of hostapd I believe this is a bug. Internally it assigns
IDs starting at index 1, which should go into the NAS-Port attribute. But for
some reason it always ends up with 0. Another issue is the Acct-Session-Id
attribute, which also seems to always contain '00000000-00000000'. And if
you have freeradius send an Acct-Session-Id in the Access-Accept reply using
the acct_unique module, it is simply ignored by hostapd.

>   The solution on the RADIUS server is to have a "utmp" file with a
> configurable key.  In this case, you would use the client MAC address.
>
>   However, doing that involves re-writing the radutmp module.  It also
> needs to be re-written to support IPv6, too.

... and needs to be rewritten to support a string long enough to hold the
17 character MAC-address string from the Calling-Station-Id attribute :-)

Andreas

--
Keep it icy man.
I don't want to end up a corpse before my time because you were daydreaming.
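
Added example, not part of the original message and not FreeRADIUS code: a small Python model of the session table discussed in this thread, replaying the same accounting records once keyed on NAS-Identifier + NAS-Port and once keyed on the client MAC from Calling-Station-Id. The function names, the "ap1" identifier, the users and the MAC addresses are constructed for illustration.

```python
# Model of a radutmp-style session table (illustrative, not FreeRADIUS code).

def rec(status, user, mac):
    # Constructed accounting record. NAS-Port 0 and the all-zero
    # Acct-Session-Id are the hostapd values reported in the thread.
    return {"Acct-Status-Type": status, "User-Name": user,
            "NAS-Identifier": "ap1",  # constructed value
            "NAS-Port": 0, "Acct-Session-Id": "00000000-00000000",
            "Calling-Station-Id": mac}

SAMPLE = [rec("Start", "alice", "02:00:00:00:00:0A"),
          rec("Start", "bob", "02:00:00:00:00:0B"),
          rec("Stop", "alice", "02:00:00:00:00:0A")]

def key_nas_port(r):
    """Key described in the thread: NAS-Identifier plus NAS-Port."""
    return (r["NAS-Identifier"], r["NAS-Port"])

def key_client_mac(r):
    """Proposed key: NAS-Identifier plus the normalized 17-character MAC."""
    return (r["NAS-Identifier"], r["Calling-Station-Id"].lower().replace("-", ":"))

def replay(records, key_fn):
    """Apply Start/Stop records; return (table, overwritten live sessions)."""
    table, overwritten = {}, []
    for r in records:
        k = key_fn(r)
        if r["Acct-Status-Type"] == "Start":
            old = table.get(k)
            # A live entry replaced by a different station is a lost session.
            if old and old["Calling-Station-Id"] != r["Calling-Station-Id"]:
                overwritten.append((old["User-Name"], r["User-Name"]))
            table[k] = r
        elif r["Acct-Status-Type"] == "Stop":
            table.pop(k, None)
    return table, overwritten

def online_users(table):
    return sorted(r["User-Name"] for r in table.values())

if __name__ == "__main__":
    for name, fn in (("NAS-Port key", key_nas_port), ("MAC key", key_client_mac)):
        for n in (2, 3):  # after both Starts, then after alice's Stop
            table, lost = replay(SAMPLE[:n], fn)
            print(name, "records:", n, "online:", online_users(table), "lost:", lost)
```

With the NAS-Port key, the second Start hides the first station, and that station's later Stop removes the record of the one that is still connected, so the "who is online" view is wrong in both directions.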
