<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2802" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=226511518-29042006><FONT face=Arial size=2>Hi
there,</FONT></SPAN></DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial size=2>I'm trying to use
FreeRadius 1.1.1 to authenticate MAC addresses from a Cisco Aironet 1231
wireless access point.</FONT></SPAN></DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial size=2>I have the perl
module working, and it can compare a MAC address sent by the access point and
return the Access-Accept message </FONT></SPAN><SPAN
class=226511518-29042006><FONT face=Arial size=2>and the access point is all
happy. This is done using the "return RLM_MODULE_OK"
message.</FONT></SPAN></DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial size=2>However, returning
an Access-Reject message ("return RLM_MODULE_REJECT") just makes the access
point continually keep sending Access-Request messages every time a
Access-Reject message is returned. Is this normal? I can't see it...
</FONT></SPAN></DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial size=2>What I'm wanting to
do is tell the access point that this MAC address is not valid, go away until it
connects again...</FONT></SPAN></DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial size=2>Here is the
Access-Reject message that I return:</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV><SPAN class=226511518-29042006><FONT face=Arial size=2>rad_recv:
Access-Request packet from host 172.20.1.201:1645, id=166,
length=113<BR> User-Name =
"009096beba0c"<BR> User-Password =
"009096beba0c"<BR> Called-Station-Id
= "0014.693c.6250"<BR>
Calling-Station-Id =
"0090.96be.ba0c"<BR> Service-Type =
Login-User<BR> NAS-Port-Type =
Wireless-802.11<BR> NAS-Port =
665<BR> NAS-IP-Address =
172.20.1.201<BR> NAS-Identifier =
"ap1"<BR>perl_pool: item 0x97a51b0 asigned new request. Handled so far:
3<BR>found interpetator at address 0x97a51b0<BR>rlm_perl: RAD_REQUEST:
NAS-Port-Type = Wireless-802.11<BR>rlm_perl: RAD_REQUEST: Service-Type =
Login-User<BR>rlm_perl: RAD_REQUEST: Calling-Station-Id =
0090.96be.ba0c<BR>rlm_perl: RAD_REQUEST: Called-Station-Id =
0014.693c.6250<BR>rlm_perl: RAD_REQUEST: Client-IP-Address =
172.20.1.201<BR>rlm_perl: RAD_REQUEST: User-Name = 009096beba0c<BR>rlm_perl:
RAD_REQUEST: NAS-Identifier = ap1<BR>rlm_perl: RAD_REQUEST: User-Password =
009096beba0c<BR>rlm_perl: RAD_REQUEST: NAS-Port = 665<BR>rlm_perl:
RAD_REQUEST: NAS-IP-Address = 172.20.1.201<BR>rlm_perl: Added pair
Password-Retry = 0<BR>rlm_perl: Added pair Reply-Message = Sorry, no
authentication<BR>perl_pool total/active/spare [3/0/3]<BR>Unreserve perl at
address 0x97a51b0<BR>Sending Access-Reject of id 166 to 172.20.1.201 port
1645<BR> Reply-Message = "Sorry, no
authentication"</FONT></SPAN></DIV></BLOCKQUOTE>
<DIV><SPAN class=226511518-29042006><FONT face=Arial size=2>As you can see, i've
added the Password-Retry option, but to no avail...</FONT></SPAN></DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial size=2>Can anyone shed any
light on this?</FONT></SPAN></DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=226511518-29042006><FONT face=Arial
size=2>Thanks,</FONT></SPAN></DIV>
<DIV><SPAN class=226511518-29042006></SPAN><SPAN
class=226511518-29042006></SPAN><FONT face=Arial size=2><SPAN
class=226511518-29042006>Dave Smith</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML>