Authenticate computers with their hostnames

Difan Zhao difan.zhao at guest-tek.com
Fri Apr 16 23:37:03 CEST 2010


Good afternoon,

 

Sorry to bother you guys again! I am trying to authenticate Windows XP
PCs (sp2) with their hostnames. It looks like PC will try to use its
hostname (in format host/<computer_name.domainname>) to authenticate
when no user is logged in.

 

I configured the "users" file and also the post-auth section of
"default" file to force accepting the request. In the debug it shows it
does accept and send back the response. I also captured the packets in
the wireshark. However the NAS (Cisco 3750 switch with newest firmware)
doesn't take it and simply ignored it and send the request again. It
repeated three times and eventually failed... 

 

Users file:

host/neteng-sp1.gtcorp.com      Auth-Type := Accept

        Tunnel-Type:0 = VLAN,

        Tunnel-Medium-Type:0 = IEEE-802,

        Tunnel-Private-Group-Id:0 = "3",

        Tunnel-Preference = 0x000000

 

Sites-available/default file:

post-auth {

...

        if(request:User-Name == "host/neteng-sp1.gtcorp.com"){

                update reply {

                        Auth-Type := Accept

                        Tunnel-Type = VLAN

                        Tunnel-Medium-Type = IEEE-802

                        Tunnel-Private-Group-ID = 3

                        Tunnel-Preference = 0

                }

        }

...

}

 

Actually it doesn't look like it's Freeradiusd's problem since it did
send back the response. It's the NAS which doesn't process the reply...
However does anybody know why? Did I miss any attributes? Anyway to work
around this problem?  

 

Alan, I think you told me once that it's not easy to fool the NAS to
accept all requests... Is this one of the case we are talking about??

 

Thank you and have a good weekend!

 

  

Difan Zhao

Network Engineer

difan.zhao at guest-tek.com

www.guest-tek.com <http://www.guest-tek.com/> 

Office: 403-509-1010 ext 3048

Cell: 403-689-7514

 

 

 

 

 

 

 

 

 


Guest-tek(tm) delivers broadband networking solutions to businesses
serving mobile users. Our products provide fast and easy plug-and-play
Internet access, IP Video-on-Demand, and Voice over IP to end users.
Through our superior implementation and support services, our partners
gain a sustainable competitive edge. With headquarters in Calgary and
Irvine, Guest-tek(tm) has been serving hospitality and related
industries since 1996. The contents of this email are confidential and
intended for the recipient only. If you have received this email in
error, please notify us, and destroy all copies.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100416/4fd7aa00/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 4047 bytes
Desc: image001.jpg
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100416/4fd7aa00/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 824 bytes
Desc: image002.jpg
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100416/4fd7aa00/attachment-0001.jpg>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: hostname.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100416/4fd7aa00/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostname.pcap
Type: application/octet-stream
Size: 1059 bytes
Desc: hostname.pcap
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100416/4fd7aa00/attachment.obj>


More information about the Freeradius-Users mailing list