<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hello everyone,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I have a problem I have worked on for a couple of
days now and just can't get it to work. Searched the forum really good and
actually found a fix for one issue I was having. I have also searched the
Mikrotik forum as well as the web from one end to the other. Nothing
seems to be able to answer this one question, though.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Here is the deal. I have a working FreeRadius
server (latest version). It works with Mikrotik to authenticate with user name /
password using PAP.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Mikrotik can authenticate by MAC address, but it's
docs says it sends a blank password. What they also don't tell you in their
weak documentation, is that the colons in the MAC address will foobar freeradius
authentication. I fixed that problem by adding this to
radiusd.conf:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>attr_rewrite mac_colons
{<BR>
attribute =
User-Name<BR>
searchin =
packet<BR>
searchfor =
":"<BR>
replacewith =
""<BR>
ignore_case =
yes<BR>
new_attribute =
no<BR>
max_matches =
10<BR>
append = no<BR>
}<BR></FONT></DIV>
<DIV><FONT face=Arial size=2>This appears to work fine. If someone would help me
with this one last issue, I would be a happy camper.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>The Mikrotik documentation (weak) says that it
sends a "blank password" when authenticating by MAC. I have looked up one side
and down the other, but I can't get FreeRadius to accept no password. I tried
this, but it fails:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>attr_rewrite blank_password
{<BR>
attribute =
User-Password<BR>
searchin =
packet<BR>
searchfor =
""<BR>
replacewith =
"password"<BR>
ignore_case =
yes<BR>
new_attribute =
no<BR>
max_matches =
10<BR>
append = no<BR> }</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial size=2>And then I added something like this to the "users"
file: 00095B23389F User-Password :=
"password"</FONT></DIV></DIV>
<DIV><BR></DIV></FONT>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial size=2>If there is a password, the above works. For
instance, I can change "password" to "password1" using the above
script, and it will authenticate. But if there is no password, it gets this
error:</FONT></DIV></FONT></DIV>
<DIV><FONT face=Arial size=2> </DIV></FONT>
<DIV><FONT face=Arial size=2>rlm_attr_rewrite: Could not find value pair for
attribute User-Password<BR></FONT></DIV>
<DIV><FONT face=Arial size=2>Well guys, I'm an extreme newbie with freeradius,
but there has to be something I'm missing somewhere in order to authenticate by
mac address through mikrotik. Other people are doing it. I'm just missing some
little something somewhere, I know. I have also seen other wireless equipment
that sends a blank password when authenticating by MAC...and people use
freeradius with it. </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Any help would be greatly appreciated.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Thanks,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Jay Banks</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> </DIV>
<DIV><BR></DIV></FONT>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> </DIV></FONT>
<DIV> </DIV></BODY></HTML>