Calling-Station-Id not received by server : how can i solve that?

Wilfried Spillemaeckers wilfried.spillemaeckers at gmail.com
Thu Jun 17 16:45:20 CEST 2021


I have a freeradius server that I am trying to test for Mac Auth with
NTRadping tool.

When I use radclient on the server itself there is no issue.

However when I use NTRadping from a PC the server appears not to receive the
Calling-Station-Id.

If I remove the authorized_macs part I can use NTRadping (meaning using
simply a user/password combination it works, but I want to use Mac Auth).

 

Below the debug info from freeradius -X

Note that the info says "invalid user" although that user is perfectly valid
and as i said the system works for this user when i simply remove the
authorize_macs code in default.

 

Help would be appreciated....

 

Ready to process requests

(0) Received Access-Request Id 32 from 192.168.0.101:53887 to
192.168.0.10:1812 length 95

(0)   User-Name = "wilfried"

(0)   CHAP-Password = 0x242c6f4547017ed4d3b33542f148ce0515

(0)   NAS-IP-Address = 255.255.255.255

(0)   NAS-Port = 0

(0)   Service-Type = 0

(0)   Framed-IP-Address = 255.255.255.255

(0)   NAS-Port-Type = Async

(0) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default

(0)   authorize {

(0)     policy filter_username {

(0)       if (&User-Name) {

(0)       if (&User-Name)  -> TRUE

(0)       if (&User-Name)  {

(0)         if (&User-Name =~ / /) {

(0)         if (&User-Name =~ / /)  -> FALSE

(0)         if (&User-Name =~ /@[^@]*@/ ) {

(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(0)         if (&User-Name =~ /\.\./ ) {

(0)         if (&User-Name =~ /\.\./ )  -> FALSE

(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(0)         if (&User-Name =~ /\.$/)  {

(0)         if (&User-Name =~ /\.$/)   -> FALSE

(0)         if (&User-Name =~ /@\./)  {

(0)         if (&User-Name =~ /@\./)   -> FALSE

(0)       } # if (&User-Name)  = notfound

(0)     } # policy filter_username = notfound

(0)     policy filter_password {

(0)       if (&User-Password &&            (&User-Password !=
"%{string:User-Password}")) {

(0)       if (&User-Password &&            (&User-Password !=
"%{string:User-Password}"))  -> FALSE

(0)     } # policy filter_password = notfound

(0)     [preprocess] = ok

(0)     policy rewrite_calling_station_id {

(0)       if (&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9
a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {

(0)       if (&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9
a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))  -> FALSE

(0)       else {

(0)         [noop] = noop

(0)       } # else = noop

(0)     } # policy rewrite_calling_station_id = noop

(0) authorized_macs: EXPAND %{Calling-Station-ID}

(0) authorized_macs:    -->

(0)     [authorized_macs] = noop

(0)     if (!EAP-Message) {

(0)     if (!EAP-Message)  -> TRUE

(0)     if (!EAP-Message)  {

(0) authorized_macs: EXPAND %{Calling-Station-ID}

(0) authorized_macs:    -->

(0)       [authorized_macs] = noop

(0)       if (!ok) {

(0)       if (!ok)  -> TRUE

(0)       if (!ok)  {

(0)         [reject] = reject

(0)       } # if (!ok)  = reject

(0)     } # if (!EAP-Message)  = reject

(0)   } # authorize = reject

(0) Invalid user: [wilfried] (from client nneos port 0)

(0) Using Post-Auth-Type Reject

(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(0)   Post-Auth-Type REJECT {

(0) attr_filter.access_reject: EXPAND %{User-Name}

(0) attr_filter.access_reject:    --> wilfried

(0) attr_filter.access_reject: Matched entry DEFAULT at line 11

(0)     [attr_filter.access_reject] = updated

(0)   } # Post-Auth-Type REJECT = updated

(0) Delaying response for 1.000000 seconds

Waking up in 0.3 seconds.

Waking up in 0.6 seconds.

(0) Sending delayed response

(0) Sent Access-Reject Id 32 from 192.168.0.10:1812 to 192.168.0.101:53887
length 20

Waking up in 3.9 seconds.

(0) Cleaning up request packet ID 32 with timestamp +7

Ready to process requests

--

 

Wilfried Spillemaeckers

Vichteplaats 20

8570     Vichte

wilfried at spillemaeckers.net <mailto:wilfried at spillemaeckers.net> 

Tel. +32 5637 2766

Mob. +32 474 860 014

 



More information about the Freeradius-Users mailing list