Check multiple attributes for one user

Tim Sylvester tim.sylvester at networkradius.com
Mon Oct 4 20:50:32 CEST 2010


> I ran Freeradius in debug mode already to check this:

Send the rest of the debug out so that we can see why the request was
rejected.

Tim



> rad_recv: Access-Request packet from host 192.168.1.170 port 3098, id=201, length=286
> User-Name = "krijn"
> NAS-Identifier = "00-0b-6b-4f-80-65:isiline"
> NAS-IP-Address = 192.168.1.170
> NAS-Port = 5
> NAS-Port-Id = "ath0"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Framed-MTU = 1400
> Called-Station-Id = "00-0B-6B-4F-80-65:isiline"
> Calling-Station-Id = "00-0B-6B-D9-D0-14"
> Event-Timestamp = "Oct  4 2010 19:10:41 CEST"
> WISPr-Location-ID = "isocc=(null),cc=(null),ac=(null),network=(null)"
> WISPr-Location-Name = "(null),(null)"
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message = 0x020100060319
> State = 0x697a4088697b55320faa946fa7f606af
> Message-Authenticator = 0x73ade7409a1c7def5027792de162bd0b
>
> Kind regards,
>
> Krijn Tanis
> WiMood
> Kerkstraat 8/10
> 3252 AX  Goedereede
>
> Tel.: +31 (0) 187 82 0204
> Fax: +31 (0) 187 49 1596
> Mob.: +31 (0) 6 10923259
> Mail: info at wimood.nl
> Web: http://www.wimood.nl
>
>
> -----Original message-----
> From: freeradius-users-bounces+krijntanis=wimood.nl at lists.freeradius.org
> [mailto:freeradius-users-bounces+krijntanis=wimood.nl at lists.freeradius.org]
> On behalf of Tim Sylvester
> Sent: Monday 4 October 2010 20:16
> To: 'FreeRadius users mailing list'
> Subject: RE: Check multiple attributes for one user
>
> Run the server in debug mode (radiusd -X) and check the attributes
> sent by the NAS. The NAS may not be sending the Calling-Station-Id or
> it may be in a different format. Either way, the debug output is going
> to give you more information.
>
> Tim
>
> > -----Original Message-----
> > From: freeradius-users-bounces+tim.sylvester=networkradius.com at lists.freeradius.org
> > [mailto:freeradius-users-bounces+tim.sylvester=networkradius.com at lists.freeradius.org]
> > On Behalf Of Krijn Tanis | WiMood
> > Sent: Monday, October 04, 2010 10:59 AM
> > To: freeradius-users at lists.freeradius.org
> > Subject: Check multiple attributes for one user
> >
> > Hello all,
> >
> > For a project I am working on 802.1x WPA-EAP authentication and for
> > this I use a Freeradius server. This part of authentication works
> > perfectly.
> >
> > Now I also want to check the Calling-Station-Id for the user, in this
> > case it is the MAC address of the wireless client. I want this because
> > I want to allow the user to connect only from one MAC address (else
> > the user is able to use another device that is not in our control; I
> > want to prevent this). So I want to check the Password and
> > Calling-Station-Id in one and the same Access Request. If both match
> > an Access-Accept is sent, in all other cases (when password or
> > Calling-Station-Id do not match for the user) an Access-Reject.
> >
> > I tried to do this:
> >
> > +----+----------------+--------------------+-------------------+------+
> > | id | UserName       | Attribute          | Value             | Op   |
> > +----+----------------+--------------------+-------------------+------+
> > |  1 | krijn          | Calling-Station-Id | 00-0B-6B-D9-D0-14 | ==   |
> > |  2 | krijn          | Cleartext-Password | test123           | :=   |
> >
> > But this doesn't work, the user is rejected. Can somebody point me
> > in the right direction?
> >
> > Kind regards,
> >
> > Krijn Tanis
> > WiMood
>
>
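
The check suggested in the thread (compare what the NAS actually sends with the `==` check item in radcheck), as an added example that is not part of the original messages: it parses attribute lines in the `radiusd -X` format and reports whether Calling-Station-Id is missing, differs only in MAC formatting, or differs outright. The function names, the constructed sample and the treatment of `==` as exact string equality are assumptions of this example.

```python
import re

# Constructed sample in `radiusd -X` format (subset of the request quoted above).
DEBUG_SAMPLE = """rad_recv: Access-Request packet from host 192.168.1.170 port 3098, id=201, length=286
\tUser-Name = "krijn"
\tNAS-Port-Type = Wireless-802.11
\tCalling-Station-Id = "00-0B-6B-D9-D0-14"
"""

# The two radcheck rows from the original post: (UserName, Attribute, Op, Value).
RADCHECK = [
    ("krijn", "Calling-Station-Id", "==", "00-0B-6B-D9-D0-14"),
    ("krijn", "Cleartext-Password", ":=", "test123"),
]

ATTR_RE = re.compile(r'^\s*([A-Za-z0-9-]+) = "?(.*?)"?\s*$')

def parse_request(debug_text):
    """Return {attribute: value} for the 'Name = value' lines of one dumped packet."""
    attrs = {}
    for line in debug_text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def mac_digits(value):
    """Drop separators and case so 00-0B-.., 00:0b:.. and 000b.. compare equal."""
    return re.sub(r"[^0-9a-f]", "", value.lower())[:12]

def diagnose(user, request, radcheck):
    """Classify each '==' check item for `user` against the dumped request."""
    findings = {}
    for name, attr, op, expected in radcheck:
        if name != user or op != "==":
            continue  # ':=' rows set a control item; nothing in the request to compare
        sent = request.get(attr)
        if sent is None:
            findings[attr] = "missing"          # NAS did not send the attribute
        elif sent == expected:
            findings[attr] = "ok"               # assumption: '==' is exact string equality
        elif mac_digits(sent) == mac_digits(expected):
            findings[attr] = "format-differs"   # same MAC, other separators or case
        else:
            findings[attr] = "mismatch"
    return findings

if __name__ == "__main__":
    req = parse_request(DEBUG_SAMPLE)
    print(diagnose(req["User-Name"], req, RADCHECK))
```
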





