<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=koi8-r">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=RU link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span lang=EN-US>Hello,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> I would like to setup two
WLAN networks on one AP with different VLAN. <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>From Radius I need MAC authorization for
network #1 and WPA(PEAP) authorization for network #2. <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>I have successfully setup both types of
authorization separately.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Could you please correct me about mac
authorization.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>In my debug log I see mac authorization request
:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rad_recv: Access-Request packet from host 10.10.10.139:6001,
id=7, length=115<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> User-Name =
"00-18-de-4e-8f-1d"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> User-Password = "secret"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> NAS-IP-Address = x.x.x.139<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> Called-Station-Id =
"00-20-a6-64-66-a3:A"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> Calling-Station-Id =
"00-18-de-4e-8f-1d"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> NAS-Port = 2<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>I have this entry in my users file :<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00-18-de-4e-8f-1d Auth-Type:=Local,
User-Password == "secret"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Is this correct(right) way to control MAC addresses
thought radius?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Another question is : what is correct way
to separate two types(MAC&PEAP) of requests to radius server?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>At this moment I have situation when my MAC
request tries to authorize thought LDAP and only afterward looks in users file.<o:p></o:p></span></p>
<div style='mso-element:para-border-div;border:none;border-bottom:double windowtext 2.25pt;
padding:0cm 0cm 1.0pt 0cm'>
<p class=MsoNormal style='border:none;padding:0cm'><span lang=EN-US><o:p> </o:p></span></p>
</div>
<p class=MsoNormal><span lang=EN-US>rad_recv: Access-Request packet from host
89.113.128.139:6001, id=7, length=115<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> User-Name =
"00-18-de-4e-8f-1d"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> User-Password = "secret"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> NAS-IP-Address = 89.113.128.139<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> Called-Station-Id =
"00-20-a6-64-66-a3:A"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> Calling-Station-Id =
"00-18-de-4e-8f-1d"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> NAS-Port = 2<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> Processing the authorize section of
radiusd.conf<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>modcall: entering group authorize for request
0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> modcall[authorize]: module
"preprocess" returns ok for request 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> modcall[authorize]: module
"chap" returns noop for request 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> modcall[authorize]: module
"mschap" returns noop for request 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> rlm_realm: No '@' in User-Name =
"00-18-de-4e-8f-1d", looking up realm NULL<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> rlm_realm: No such realm
"NULL"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> modcall[authorize]: module
"suffix" returns noop for request 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> rlm_realm: No '\' in User-Name =
"00-18-de-4e-8f-1d", looking up realm NULL<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> rlm_realm: No such realm
"NULL"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> modcall[authorize]: module
"ntdomain" returns noop for request 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> rlm_eap: No EAP-Message, not doing EAP<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> modcall[authorize]: module
"eap" returns noop for request 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> users: Matched entry 00-18-de-4e-8f-1d
at line 2<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> modcall[authorize]: module
"files" returns ok for request 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: - authorize<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: performing user authorization for
00-18-de-4e-8f-1d<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>radius_xlat:
'(&(uid=00-18-de-4e-8f-1d)(objectClass=posixAccount))'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>radius_xlat: 'dc=x,dc=xxx,dc=com'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: ldap_get_conn: Checking Id: 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: ldap_get_conn: Got Id: 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: attempting LDAP reconnection<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: (re)connect to localhost:389,
authentication 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: bind as / to localhost:389<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: waiting for bind result ...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: Bind was successful<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: performing search in dc=x,dc=xxx,dc=com,
with filter (&(uid=00-18-de-4e-8f-1d)(objectClass=posixAccount))<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: object not found or got ambiguous
search result<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: search failed<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>rlm_ldap: ldap_release_conn: Release Id: 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> modcall[authorize]: module
"ldap" returns notfound for request 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>modcall: leaving group authorize (returns
ok) for request 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> rad_check_password: Found Auth-Type
Local<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>auth: type Local<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>auth: user supplied User-Password matches
local User-Password<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Sending Access-Accept of id 7 to xx.xx.xx.139
port 6001<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Finished request 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Going to the next request<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>--- Walking the entire request list ---<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Waking up in 6 seconds...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>--- Walking the entire request list ---<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Cleaning up request 0 ID 7 with timestamp
47c698d<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Thank a lot <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Era<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
</div>
</body>
</html>