Check multiple attributes for one user

Krijn Tanis | WiMood krijntanis at wimood.nl
Mon Oct 4 20:29:48 CEST 2010


I ran Freeradius in debug mode already to check this:

rad_recv: Access-Request packet from host 192.168.1.170 port 3098, id=201,
length=286
User-Name = "krijn"
NAS-Identifier = "00-0b-6b-4f-80-65:isiline"
NAS-IP-Address = 192.168.1.170
NAS-Port = 5
NAS-Port-Id = "ath0"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Framed-MTU = 1400
Called-Station-Id = "00-0B-6B-4F-80-65:isiline"
Calling-Station-Id = "00-0B-6B-D9-D0-14"
Event-Timestamp = "Oct  4 2010 19:10:41 CEST"
WISPr-Location-ID = "isocc=(null),cc=(null),ac=(null),network=(null)"
WISPr-Location-Name = "(null),(null)"
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100060319
State = 0x697a4088697b55320faa946fa7f606af
Message-Authenticator = 0x73ade7409a1c7def5027792de162bd0b

Kind regards,
 
Krijn Tanis
WiMood
Kerkstraat 8/10
3252 AX  Goedereede
 
Tel.: +31 (0) 187 82 0204
Fax: +31 (0) 187 49 1596
Mob.: +31 (0) 6 10923259
Mail: info at wimood.nl 
Web: http://www.wimood.nl


-----Original Message-----
From: freeradius-users-bounces+krijntanis=wimood.nl at lists.freeradius.org
[mailto:freeradius-users-bounces+krijntanis=wimood.nl at lists.freeradius.org]
On Behalf Of Tim Sylvester
Sent: Monday, 4 October 2010 20:16
To: 'FreeRadius users mailing list'
Subject: RE: Check multiple attributes for one user

Run the server in debug mode (radiusd -X) and check the attributes sent by
the NAS. The NAS may not be sending the Calling-Station-Id or it may be in a
different format. Either way, the debug output is going to give you more
information.

Tim

> -----Original Message-----
> From: freeradius-users-
> bounces+tim.sylvester=networkradius.com at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+tim.sylvester=networkradius.com at lists.freeradius.org] On Behalf
> Of Krijn Tanis | WiMood
> Sent: Monday, October 04, 2010 10:59 AM
> To: freeradius-users at lists.freeradius.org
> Subject: Check multiple attributes for one user
>
> Hello all,
>
> For a project I am working on 802.1x WPA-EAP authentication and for
> this I use a Freeradius server. This part of authentication works
> perfectly.
>
> Now I also want to check the Calling-Station-Id for the user, in this
> case it is the MAC address of the wireless client. I want this because I
> want to allow the user to connect only from one MAC address (else the user
> is able to use another device that is not in our control; I want to
> prevent this). So I want to check the Password and Calling-Station-Id
> in one and the same Access Request. If both match an Access-Accept is
> sent, in all other cases (when password or Calling-Station-Id do not
> match for the user) an Access-Reject.
>
> I tried to do this:
>
> +----+----------------+--------------------+-------------------+------+
> | id | UserName       | Attribute          | Value             | Op   |
> +----+----------------+--------------------+-------------------+------+
> |  1 | krijn          | Calling-Station-Id | 00-0B-6B-D9-D0-14 | ==   |
> |  2 | krijn          | Cleartext-Password | test123           | :=   |
> +----+----------------+--------------------+-------------------+------+
>
> But this doesn't work, the user is rejected. Can somebody point me
> in the right direction?
>
> Kind regards,
>
> Krijn Tanis
> WiMood
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
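
Added example (not part of the original thread and not FreeRADIUS code): a small diagnostic for the check suggested above. It compares the Calling-Station-Id seen in the radiusd -X output with the value stored in the check table and reports whether it is absent, identical, or the same MAC in a different notation. The function names and result labels are made up for this illustration, and treating `==` as an exact string comparison is an assumption of this example.

```python
import re

# Attribute lines copied from the Access-Request in the debug output above.
DEBUG_OUTPUT = '''\
User-Name = "krijn"
Called-Station-Id = "00-0B-6B-4F-80-65:isiline"
Calling-Station-Id = "00-0B-6B-D9-D0-14"
'''

# Check rows from the table in the original question: (attribute, op, value).
CHECK_ROWS = [("Calling-Station-Id", "==", "00-0B-6B-D9-D0-14")]

ATTR_LINE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*=\s*(.*?)\s*$')

def parse_request(debug_text):
    """Return {attribute: value} from 'Name = value' lines, quotes stripped."""
    attrs = {}
    for line in debug_text.splitlines():
        m = ATTR_LINE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2).strip('"')
    return attrs

def normalise_mac(value):
    """Reduce a MAC in any common notation to 12 lowercase hex digits, else None."""
    digits = re.sub(r'[-:.\s]', '', value).lower()
    return digits if re.fullmatch(r'[0-9a-f]{12}', digits) else None

def compare(request, attribute, expected):
    """Classify one '==' check item against the parsed request (hypothetical labels)."""
    sent = request.get(attribute)
    if sent is None:
        return "missing"            # the NAS did not send the attribute
    if sent == expected:
        return "match"              # exact string equality (assumed semantics)
    mac_sent, mac_expected = normalise_mac(sent), normalise_mac(expected)
    if mac_sent is not None and mac_sent == mac_expected:
        return "format-differs"     # same MAC, different case or separators
    return "mismatch"

def audit(debug_text, rows):
    """Evaluate every '==' row against the attributes found in the debug text."""
    request = parse_request(debug_text)
    return {attr: compare(request, attr, value) for attr, op, value in rows if op == "=="}

if __name__ == "__main__":
    print(audit(DEBUG_OUTPUT, CHECK_ROWS))
```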






