Hello,

I would like to set up two WLAN networks on one AP with different VLANs. From RADIUS I need MAC authorization for network #1 and WPA (PEAP) authorization for network #2. I have successfully set up both types of authorization separately.

Could you please correct me about MAC authorization. In my debug log I see the MAC authorization request:

    rad_recv: Access-Request packet from host 10.10.10.139:6001, id=7, length=115
        User-Name = "00-18-de-4e-8f-1d"
        User-Password = "secret"
        NAS-IP-Address = x.x.x.139
        Called-Station-Id = "00-20-a6-64-66-a3:A"
        Calling-Station-Id = "00-18-de-4e-8f-1d"
        NAS-Port = 2
        NAS-Port-Type = Wireless-802.11

I have this entry in my users file:

    00-18-de-4e-8f-1d Auth-Type:=Local, User-Password == "secret"

Is this the correct (right) way to control MAC addresses through RADIUS?

Another question is: what is the correct way to separate the two types (MAC & PEAP) of requests to the RADIUS server? At this moment I have a situation where my MAC request tries to authorize through LDAP and only afterward looks in the users file.

    rad_recv: Access-Request packet from host 89.113.128.139:6001, id=7, length=115
        User-Name = "00-18-de-4e-8f-1d"
        User-Password = "secret"
        NAS-IP-Address = 89.113.128.139
        Called-Station-Id = "00-20-a6-64-66-a3:A"
        Calling-Station-Id = "00-18-de-4e-8f-1d"
        NAS-Port = 2
        NAS-Port-Type = Wireless-802.11
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 0
    modcall[authorize]: module "preprocess" returns ok for request 0
    modcall[authorize]: module "chap" returns noop for request 0
    modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "00-18-de-4e-8f-1d", looking up realm NULL
    rlm_realm: No such realm "NULL"
    modcall[authorize]: module "suffix" returns noop for request 0
    rlm_realm: No '\' in User-Name = "00-18-de-4e-8f-1d", looking up realm NULL
    rlm_realm: No such realm "NULL"
    modcall[authorize]: module "ntdomain" returns noop for request 0
    rlm_eap: No EAP-Message, not doing EAP
    modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry 00-18-de-4e-8f-1d at line 2
    modcall[authorize]: module "files" returns ok for request 0
    rlm_ldap: - authorize
    rlm_ldap: performing user authorization for 00-18-de-4e-8f-1d
    radius_xlat: '(&(uid=00-18-de-4e-8f-1d)(objectClass=posixAccount))'
    radius_xlat: 'dc=x,dc=xxx,dc=com'
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: attempting LDAP reconnection
    rlm_ldap: (re)connect to localhost:389, authentication 0
    rlm_ldap: bind as / to localhost:389
    rlm_ldap: waiting for bind result ...
    rlm_ldap: Bind was successful
    rlm_ldap: performing search in dc=x,dc=xxx,dc=com, with filter (&(uid=00-18-de-4e-8f-1d)(objectClass=posixAccount))
    rlm_ldap: object not found or got ambiguous search result
    rlm_ldap: search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    modcall[authorize]: module "ldap" returns notfound for request 0
    modcall: leaving group authorize (returns ok) for request 0
    rad_check_password: Found Auth-Type Local
    auth: type Local
    auth: user supplied User-Password matches local User-Password
    Sending Access-Accept of id 7 to xx.xx.xx.139 port 6001
    Finished request 0
    Going to the next request
    --- Walking the entire request list ---
    Waking up in 6 seconds...
    --- Walking the entire request list ---
    Cleaning up request 0 ID 7 with timestamp 47c698d

Thanks a lot,
Era
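
An added example, not part of the original post and not FreeRADIUS code: a small Python parser for the debug output above that lists which authorize modules ran for a request and classifies the request as MAC authentication or EAP from the attributes visible in the log. The function names and the classification rule (an EAP-Message attribute means EAP; otherwise User-Name equal to Calling-Station-Id means MAC authentication) are assumptions made for this illustration, and the sample is built from the post's log lines split one item per line.

```python
import re

# Constructed sample: lines taken from the post's debug log, split one item per line.
SAMPLE = '''\
rad_recv: Access-Request packet from host 10.10.10.139:6001, id=7, length=115
    User-Name = "00-18-de-4e-8f-1d"
    User-Password = "secret"
    Calling-Station-Id = "00-18-de-4e-8f-1d"
    NAS-Port-Type = Wireless-802.11
modcall[authorize]: module "eap" returns noop for request 0
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "ldap" returns notfound for request 0
'''

ATTR = re.compile(r'^\s*([A-Za-z][\w-]*) = "?(.*?)"?\s*$')
MODCALL = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns (\w+)')
MAC = re.compile(r'(?:[0-9a-f]{2}[-:.]?){6}')

def norm_mac(value):
    """Return 12 lowercase hex digits for a MAC in common notations, else None."""
    value = value.lower()
    return re.sub(r'[^0-9a-f]', '', value) if MAC.fullmatch(value) else None

def parse(text):
    """Split debug output into request attributes and the authorize module trace."""
    attrs, trace = {}, []
    for line in text.splitlines():
        call = MODCALL.search(line)
        attr = ATTR.match(line)
        if call:
            trace.append((call.group(1), call.group(2)))
        elif attr:
            attrs[attr.group(1)] = attr.group(2)
    return attrs, trace

def classify(attrs):
    """Hypothetical rule: EAP-Message means EAP; User-Name == station MAC means MAC auth."""
    if 'EAP-Message' in attrs:
        return 'eap'
    user = norm_mac(attrs.get('User-Name', ''))
    if user and user == norm_mac(attrs.get('Calling-Station-Id', '')):
        return 'mac-auth'
    return 'other'

def ran_after(trace, module):
    """Modules that were still called after `module` in the authorize section."""
    names = [name for name, _ in trace]
    return names[names.index(module) + 1:] if module in names else []

if __name__ == '__main__':
    attrs, trace = parse(SAMPLE)
    print(classify(attrs), trace, ran_after(trace, 'files'))
```

Run against the full log, `ran_after(trace, 'files')` shows the LDAP lookup that is still performed for a request the users file already matched.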