<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-CA link=blue vlink=purple>
<div class=WordSection1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hi,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>You will need EAP-MD5 to do authentication with Juniper EX
switch as authenticator. Enable eap in your authorize and authenticate section.
The default settings in eap.conf should work without any tweaks. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>
freeradius-users-bounces+cxu=unbsj.ca@lists.freeradius.org
[mailto:freeradius-users-bounces+cxu=unbsj.ca@lists.freeradius.org] <b>On
Behalf Of </b>ralfheise@freenet.de<br>
<b>Sent:</b> August 10, 2010 11:31 AM<br>
<b>To:</b> freeradius-users@lists.freeradius.org<br>
<b>Subject:</b> MAC based authentication<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Hi<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>I want to deploy MAC based RADIUS
authentication (only - non responsive hosts). To be honest, I don't want to
authenticate users at all, all I want is to assign hosts dynamically to
different VLANS according to their MAC address.<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>The one side is done by a Juniper EX series
switch, which is - I think - configured appropriately and forwards requests to
my RADIUS server (freeradius 2.1.9+dfsg-1+b on Debian Squeeze/Testing).<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>My radiusd.conf is:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>prefix = /usr<br>
exec_prefix = /usr<br>
sysconfdir = /etc<br>
localstatedir = /var<br>
sbindir = ${exec_prefix}/sbin<br>
logdir = /var/log/freeradius<br>
raddbdir = /etc/freeradius<br>
radacctdir = ${logdir}/radacct<br>
<br>
name = freeradius<br>
<br>
confdir = ${raddbdir}<br>
run_dir = ${localstatedir}/run/${name}<br>
db_dir = ${raddbdir}<br>
libdir = /usr/lib/freeradius<br>
<br>
pidfile = ${run_dir}/${name}.pid<br>
<br>
user = freerad<br>
group = freerad<br>
<br>
max_request_time = 30<br>
<br>
cleanup_delay = 5<br>
<br>
max_requests = 1024<br>
<br>
listen {<br>
type = auth<br>
ipaddr = *<br>
port = 0<br>
}<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>hostname_lookups = no<br>
allow_core_dumps = no<br>
<br>
regular_expressions = yes<br>
extended_expressions = yes<br>
<br>
log {<br>
destination = files<br>
file = ${logdir}/radius.log<br>
syslog_facility = daemon<br>
stripped_names = no<br>
auth = no<br>
auth_badpass = no<br>
auth_goodpass = no<br>
}<br>
<br>
checkrad = ${sbindir}/checkrad<br>
<br>
security {<br>
max_attributes = 200<br>
reject_delay = 1<br>
status_server = yes<br>
}<br>
<br>
proxy_requests = yes<br>
<br>
<br>
client switch {<br>
ipaddr = 10.10.10.254<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>
secret = juniper<br>
require_message_authenticator = no<br>
nastype =
other<br>
}<br>
<br>
<br>
thread pool {<br>
start_servers = 5<br>
max_servers = 32<br>
min_spare_servers = 3<br>
max_spare_servers = 10<br>
max_requests_per_server = 0<br>
}<br>
<br>
modules {<br>
$INCLUDE ${confdir}/modules/<br>
$INCLUDE eap.conf<br>
}<br>
<br>
instantiate {<br>
exec<br>
expr<br>
expiration<br>
logintime<br>
<br>
}<br>
<br>
authorize {<br>
preprocess<br>
files<br>
}<br>
<br>
authenticate {<br>
}<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>You can see, I disabled any authentication
method beside of files. The users file is this:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>aa00007f9c90 Auth-Type :=
"EAP", Cleartext-Password == aa00007f9c90<br>
Tunnel-Type = VLAN,<br>
Tunnel-Medium-Type = IEEE-802,<br>
Tunnel-Private-Group-Id =
"110"<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Now I start auth:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>root@EX4200-VC> restart
dot1x-protocol <br>
Port based Network Access Control started, pid 25579<br>
<br>
{master:0}<br>
root@EX4200-VC> show dot1x interface <br>
802.1X Information:<br>
Interface
Role
State MAC
address User<br>
ge-1/0/4.0 Authenticator
Connecting <br>
ge-1/0/5.0 Authenticator Connecting<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>and on the radius server:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>root@data:~# freeradius -X <br>
FreeRADIUS Version 2.1.9, for host x86_64-pc-linux-gnu, built on Jun 18 2010 at
03:16:00<br>
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>
PARTICULAR PURPOSE. <br>
You may redistribute copies of FreeRADIUS under the terms of the <br>
GNU General Public License v2. <br>
Starting - reading configuration files ...<br>
including configuration file /etc/freeradius/radiusd.conf<br>
including files in directory /etc/freeradius/modules/<br>
including configuration file /etc/freeradius/modules/always<br>
including configuration file /etc/freeradius/modules/chap<br>
including configuration file /etc/freeradius/modules/otp<br>
including configuration file /etc/freeradius/modules/realm<br>
including configuration file /etc/freeradius/modules/linelog<br>
including configuration file /etc/freeradius/modules/ldap<br>
including configuration file /etc/freeradius/modules/passwd<br>
including configuration file /etc/freeradius/modules/mac2ip<br>
including configuration file /etc/freeradius/modules/acct_unique<br>
including configuration file /etc/freeradius/modules/counter<br>
including configuration file /etc/freeradius/modules/inner-eap<br>
including configuration file /etc/freeradius/modules/krb5<br>
including configuration file /etc/freeradius/modules/wimax<br>
including configuration file /etc/freeradius/modules/files<br>
including configuration file /etc/freeradius/modules/expr<br>
including configuration file /etc/freeradius/modules/pap<br>
including configuration file /etc/freeradius/modules/detail.log<br>
including configuration file /etc/freeradius/modules/expiration<br>
including configuration file /etc/freeradius/modules/attr_rewrite<br>
including configuration file /etc/freeradius/modules/ippool<br>
including configuration file /etc/freeradius/modules/unix<br>
including configuration file /etc/freeradius/modules/detail.example.com<br>
including configuration file /etc/freeradius/modules/mschap<br>
including configuration file /etc/freeradius/modules/echo<br>
including configuration file /etc/freeradius/modules/mac2vlan<br>
including configuration file /etc/freeradius/modules/checkval<br>
including configuration file /etc/freeradius/modules/pam<br>
including configuration file /etc/freeradius/modules/etc_group<br>
including configuration file /etc/freeradius/modules/perl<br>
including configuration file /etc/freeradius/modules/ntlm_auth<br>
including configuration file /etc/freeradius/modules/attr_filter<br>
including configuration file /etc/freeradius/modules/preprocess<br>
including configuration file /etc/freeradius/modules/sradutmp<br>
including configuration file /etc/freeradius/modules/smbpasswd<br>
including configuration file /etc/freeradius/modules/cui<br>
including configuration file /etc/freeradius/modules/smsotp<br>
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login<br>
including configuration file /etc/freeradius/modules/detail<br>
including configuration file /etc/freeradius/modules/logintime<br>
including configuration file /etc/freeradius/modules/exec<br>
including configuration file /etc/freeradius/modules/digest<br>
including configuration file /etc/freeradius/modules/sql_log<br>
including configuration file /etc/freeradius/modules/policy<br>
including configuration file /etc/freeradius/modules/radutmp<br>
including configuration file /etc/freeradius/eap.conf<br>
main {<br>
user = "freerad"<br>
group = "freerad"<br>
allow_core_dumps = no<br>
}<br>
including dictionary file /etc/freeradius/dictionary<br>
main {<br>
prefix = "/usr"<br>
localstatedir = "/var"<br>
logdir =
"/var/log/freeradius"<br>
libdir =
"/usr/lib/freeradius"<br>
radacctdir =
"/var/log/freeradius/radacct"<br>
hostname_lookups = no<br>
max_request_time = 30<br>
cleanup_delay = 5<br>
max_requests = 1024<br>
pidfile =
"/var/run/freeradius/freeradius.pid"<br>
checkrad =
"/usr/sbin/checkrad"<br>
debug_level = 0<br>
proxy_requests = yes<br>
log {<br>
stripped_names = no<br>
auth = no<br>
auth_badpass = no<br>
auth_goodpass = no<br>
}<br>
security {<br>
max_attributes = 200<br>
reject_delay = 1<br>
status_server = yes<br>
}<br>
}<br>
radiusd: #### Loading Realms and Home Servers ####<br>
...<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>radiusd: #### Instantiating modules ####<br>
instantiate {<br>
Module: Linked to module rlm_exec<br>
Module: Instantiating exec<br>
exec {<br>
wait = no<br>
input_pairs = "request"<br>
shell_escape = yes<br>
}<br>
Module: Linked to module rlm_expr<br>
Module: Instantiating expr<br>
Module: Linked to module rlm_expiration<br>
Module: Instantiating expiration<br>
expiration {<br>
reply-message = "Password Has
Expired "<br>
}<br>
Module: Linked to module rlm_logintime<br>
Module: Instantiating logintime<br>
logintime {<br>
reply-message = "You are
calling outside your allowed timespan "<br>
minimum-timeout = 60<br>
}<br>
}<br>
radiusd: #### Loading Virtual Servers ####<br>
server {<br>
modules {<br>
Module: Checking authorize {...} for more modules to load<br>
Module: Linked to module rlm_preprocess<br>
Module: Instantiating preprocess<br>
preprocess {<br>
huntgroups = "/etc/freeradius/huntgroups"<br>
hints =
"/etc/freeradius/hints"<br>
with_ascend_hack = no<br>
ascend_channels_per_line = 23<br>
with_ntdomain_hack = no<br>
with_specialix_jetstream_hack = no<br>
with_cisco_vsa_hack = no<br>
with_alvarion_vsa_hack = no<br>
}<br>
Module: Linked to module rlm_files<br>
Module: Instantiating files<br>
files {<br>
usersfile =
"/etc/freeradius/users"<br>
acctusersfile =
"/etc/freeradius/acct_users"<br>
preproxy_usersfile =
"/etc/freeradius/preproxy_users"<br>
compat = "no"<br>
}<br>
} # modules<br>
} # server<br>
radiusd: #### Opening IP addresses and Ports ####<br>
listen {<br>
type = "auth"<br>
ipaddr = *<br>
port = 0<br>
}<br>
Listening on authentication address * port 1812<br>
Listening on proxy address * port 1814<br>
Ready to process requests.<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>If I now try to communicate through the
interface to be authenticated I get:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Hi<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>I want to deploy MAC based RADIUS
authentication (only - non responsive hosts). To be honest, I don't want to
authenticate users at all, all I want is to assign hosts dynamically to
different VLANS according to their MAC address.<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>The one side is done by a Juniper EX series
switch, which is - I think - configured appropriately and forwards requests to
my RADIUS server (freeradius 2.1.9+dfsg-1+b on Debian Squeeze/Testing).<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>My radiusd.conf is:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>prefix = /usr<br>
exec_prefix = /usr<br>
sysconfdir = /etc<br>
localstatedir = /var<br>
sbindir = ${exec_prefix}/sbin<br>
logdir = /var/log/freeradius<br>
raddbdir = /etc/freeradius<br>
radacctdir = ${logdir}/radacct<br>
<br>
name = freeradius<br>
<br>
confdir = ${raddbdir}<br>
run_dir = ${localstatedir}/run/${name}<br>
db_dir = ${raddbdir}<br>
libdir = /usr/lib/freeradius<br>
<br>
pidfile = ${run_dir}/${name}.pid<br>
<br>
user = freerad<br>
group = freerad<br>
<br>
max_request_time = 30<br>
<br>
cleanup_delay = 5<br>
<br>
max_requests = 1024<br>
<br>
listen {<br>
type = auth<br>
ipaddr = *<br>
port = 0<br>
}<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>hostname_lookups = no<br>
allow_core_dumps = no<br>
<br>
regular_expressions = yes<br>
extended_expressions = yes<br>
<br>
log {<br>
destination = files<br>
file = ${logdir}/radius.log<br>
syslog_facility = daemon<br>
stripped_names = no<br>
auth = no<br>
auth_badpass = no<br>
auth_goodpass = no<br>
}<br>
<br>
checkrad = ${sbindir}/checkrad<br>
<br>
security {<br>
max_attributes = 200<br>
reject_delay = 1<br>
status_server = yes<br>
}<br>
<br>
proxy_requests = yes<br>
<br>
<br>
client switch {<br>
ipaddr = 10.10.10.254<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>
secret = juniper<br>
require_message_authenticator = no<br>
nastype =
other<br>
}<br>
<br>
<br>
thread pool {<br>
start_servers = 5<br>
max_servers = 32<br>
min_spare_servers = 3<br>
max_spare_servers = 10<br>
max_requests_per_server = 0<br>
}<br>
<br>
modules {<br>
$INCLUDE ${confdir}/modules/<br>
$INCLUDE eap.conf<br>
}<br>
<br>
instantiate {<br>
exec<br>
expr<br>
expiration<br>
logintime<br>
<br>
}<br>
<br>
authorize {<br>
preprocess<br>
files<br>
}<br>
<br>
authenticate {<br>
}<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>You can see, I disabled any authentication
method beside of files. The users file is this:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>aa00007f9c90 Auth-Type :=
"EAP", Cleartext-Password == aa00007f9c90<br>
Tunnel-Type = VLAN,<br>
Tunnel-Medium-Type = IEEE-802,<br>
Tunnel-Private-Group-Id =
"110"<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Now I start auth:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>root@EX4200-VC> restart
dot1x-protocol <br>
Port based Network Access Control started, pid 25579<br>
<br>
{master:0}<br>
root@EX4200-VC> show dot1x interface <br>
802.1X Information:<br>
Interface
Role
State MAC
address User<br>
ge-1/0/4.0 Authenticator
Connecting <br>
ge-1/0/5.0 Authenticator Connecting<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>and on the radius server:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>root@data:~# freeradius -X <br>
FreeRADIUS Version 2.1.9, for host x86_64-pc-linux-gnu, built on Jun 18 2010 at
03:16:00<br>
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>
PARTICULAR PURPOSE. <br>
You may redistribute copies of FreeRADIUS under the terms of the <br>
GNU General Public License v2. <br>
Starting - reading configuration files ...<br>
including configuration file /etc/freeradius/radiusd.conf<br>
including files in directory /etc/freeradius/modules/<br>
including configuration file /etc/freeradius/modules/always<br>
including configuration file /etc/freeradius/modules/chap<br>
including configuration file /etc/freeradius/modules/otp<br>
including configuration file /etc/freeradius/modules/realm<br>
including configuration file /etc/freeradius/modules/linelog<br>
including configuration file /etc/freeradius/modules/ldap<br>
including configuration file /etc/freeradius/modules/passwd<br>
including configuration file /etc/freeradius/modules/mac2ip<br>
including configuration file /etc/freeradius/modules/acct_unique<br>
including configuration file /etc/freeradius/modules/counter<br>
including configuration file /etc/freeradius/modules/inner-eap<br>
including configuration file /etc/freeradius/modules/krb5<br>
including configuration file /etc/freeradius/modules/wimax<br>
including configuration file /etc/freeradius/modules/files<br>
including configuration file /etc/freeradius/modules/expr<br>
including configuration file /etc/freeradius/modules/pap<br>
including configuration file /etc/freeradius/modules/detail.log<br>
including configuration file /etc/freeradius/modules/expiration<br>
including configuration file /etc/freeradius/modules/attr_rewrite<br>
including configuration file /etc/freeradius/modules/ippool<br>
including configuration file /etc/freeradius/modules/unix<br>
including configuration file /etc/freeradius/modules/detail.example.com<br>
including configuration file /etc/freeradius/modules/mschap<br>
including configuration file /etc/freeradius/modules/echo<br>
including configuration file /etc/freeradius/modules/mac2vlan<br>
including configuration file /etc/freeradius/modules/checkval<br>
including configuration file /etc/freeradius/modules/pam<br>
including configuration file /etc/freeradius/modules/etc_group<br>
including configuration file /etc/freeradius/modules/perl<br>
including configuration file /etc/freeradius/modules/ntlm_auth<br>
including configuration file /etc/freeradius/modules/attr_filter<br>
including configuration file /etc/freeradius/modules/preprocess<br>
including configuration file /etc/freeradius/modules/sradutmp<br>
including configuration file /etc/freeradius/modules/smbpasswd<br>
including configuration file /etc/freeradius/modules/cui<br>
including configuration file /etc/freeradius/modules/smsotp<br>
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login<br>
including configuration file /etc/freeradius/modules/detail<br>
including configuration file /etc/freeradius/modules/logintime<br>
including configuration file /etc/freeradius/modules/exec<br>
including configuration file /etc/freeradius/modules/digest<br>
including configuration file /etc/freeradius/modules/sql_log<br>
including configuration file /etc/freeradius/modules/policy<br>
including configuration file /etc/freeradius/modules/radutmp<br>
including configuration file /etc/freeradius/eap.conf<br>
main {<br>
user = "freerad"<br>
group = "freerad"<br>
allow_core_dumps = no<br>
}<br>
including dictionary file /etc/freeradius/dictionary<br>
main {<br>
prefix = "/usr"<br>
localstatedir = "/var"<br>
logdir =
"/var/log/freeradius"<br>
libdir =
"/usr/lib/freeradius"<br>
radacctdir =
"/var/log/freeradius/radacct"<br>
hostname_lookups = no<br>
max_request_time = 30<br>
cleanup_delay = 5<br>
max_requests = 1024<br>
pidfile =
"/var/run/freeradius/freeradius.pid"<br>
checkrad =
"/usr/sbin/checkrad"<br>
debug_level = 0<br>
proxy_requests = yes<br>
log {<br>
stripped_names = no<br>
auth = no<br>
auth_badpass = no<br>
auth_goodpass = no<br>
}<br>
security {<br>
max_attributes = 200<br>
reject_delay = 1<br>
status_server = yes<br>
}<br>
}<br>
radiusd: #### Loading Realms and Home Servers ####<br>
...<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>radiusd: #### Instantiating modules ####<br>
instantiate {<br>
Module: Linked to module rlm_exec<br>
Module: Instantiating exec<br>
exec {<br>
wait = no<br>
input_pairs = "request"<br>
shell_escape = yes<br>
}<br>
Module: Linked to module rlm_expr<br>
Module: Instantiating expr<br>
Module: Linked to module rlm_expiration<br>
Module: Instantiating expiration<br>
expiration {<br>
reply-message = "Password Has
Expired "<br>
}<br>
Module: Linked to module rlm_logintime<br>
Module: Instantiating logintime<br>
logintime {<br>
reply-message = "You are
calling outside your allowed timespan "<br>
minimum-timeout = 60<br>
}<br>
}<br>
radiusd: #### Loading Virtual Servers ####<br>
server {<br>
modules {<br>
Module: Checking authorize {...} for more modules to load<br>
Module: Linked to module rlm_preprocess<br>
Module: Instantiating preprocess<br>
preprocess {<br>
huntgroups =
"/etc/freeradius/huntgroups"<br>
hints =
"/etc/freeradius/hints"<br>
with_ascend_hack = no<br>
ascend_channels_per_line = 23<br>
with_ntdomain_hack = no<br>
with_specialix_jetstream_hack = no<br>
with_cisco_vsa_hack = no<br>
with_alvarion_vsa_hack = no<br>
}<br>
Module: Linked to module rlm_files<br>
Module: Instantiating files<br>
files {<br>
usersfile =
"/etc/freeradius/users"<br>
acctusersfile = "/etc/freeradius/acct_users"<br>
preproxy_usersfile =
"/etc/freeradius/preproxy_users"<br>
compat = "no"<br>
}<br>
} # modules<br>
} # server<br>
radiusd: #### Opening IP addresses and Ports ####<br>
listen {<br>
type = "auth"<br>
ipaddr = *<br>
port = 0<br>
}<br>
Listening on authentication address * port 1812<br>
Listening on proxy address * port 1814<br>
Ready to process requests.<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>If I now try to communicate through the
interface to be authenticated I get:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Hi<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>I want to deploy MAC based RADIUS
authentication (only - non responsive hosts). To be honest, I don't want to
authenticate users at all, all I want is to assign hosts dynamically to
different VLANS according to their MAC address.<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>The one side is done by a Juniper EX series
switch, which is - I think - configured appropriately and forwards requests to
my RADIUS server (freeradius 2.1.9+dfsg-1+b on Debian Squeeze/Testing).<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>My radiusd.conf is:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>prefix = /usr<br>
exec_prefix = /usr<br>
sysconfdir = /etc<br>
localstatedir = /var<br>
sbindir = ${exec_prefix}/sbin<br>
logdir = /var/log/freeradius<br>
raddbdir = /etc/freeradius<br>
radacctdir = ${logdir}/radacct<br>
<br>
name = freeradius<br>
<br>
confdir = ${raddbdir}<br>
run_dir = ${localstatedir}/run/${name}<br>
db_dir = ${raddbdir}<br>
libdir = /usr/lib/freeradius<br>
<br>
pidfile = ${run_dir}/${name}.pid<br>
<br>
user = freerad<br>
group = freerad<br>
<br>
max_request_time = 30<br>
<br>
cleanup_delay = 5<br>
<br>
max_requests = 1024<br>
<br>
listen {<br>
type = auth<br>
ipaddr = *<br>
port = 0<br>
}<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>hostname_lookups = no<br>
allow_core_dumps = no<br>
<br>
regular_expressions = yes<br>
extended_expressions = yes<br>
<br>
log {<br>
destination = files<br>
file = ${logdir}/radius.log<br>
syslog_facility = daemon<br>
stripped_names = no<br>
auth = no<br>
auth_badpass = no<br>
auth_goodpass = no<br>
}<br>
<br>
checkrad = ${sbindir}/checkrad<br>
<br>
security {<br>
max_attributes = 200<br>
reject_delay = 1<br>
status_server = yes<br>
}<br>
<br>
proxy_requests = yes<br>
<br>
<br>
client switch {<br>
ipaddr = 10.10.10.254<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>
secret = juniper<br>
require_message_authenticator = no<br>
nastype =
other<br>
}<br>
<br>
<br>
thread pool {<br>
start_servers = 5<br>
max_servers = 32<br>
min_spare_servers = 3<br>
max_spare_servers = 10<br>
max_requests_per_server = 0<br>
}<br>
<br>
modules {<br>
$INCLUDE ${confdir}/modules/<br>
$INCLUDE eap.conf<br>
}<br>
<br>
instantiate {<br>
exec<br>
expr<br>
expiration<br>
logintime<br>
<br>
}<br>
<br>
authorize {<br>
preprocess<br>
files<br>
}<br>
<br>
authenticate {<br>
}<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>You can see, I disabled any authentication
method beside of files. The users file is this:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>aa00007f9c90 Auth-Type :=
"EAP", Cleartext-Password == aa00007f9c90<br>
Tunnel-Type = VLAN,<br>
Tunnel-Medium-Type = IEEE-802,<br>
Tunnel-Private-Group-Id =
"110"<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Now I start auth:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>root@EX4200-VC> restart
dot1x-protocol <br>
Port based Network Access Control started, pid 25579<br>
<br>
{master:0}<br>
root@EX4200-VC> show dot1x interface <br>
802.1X Information:<br>
Interface
Role
State MAC
address User<br>
ge-1/0/4.0 Authenticator
Connecting <br>
ge-1/0/5.0 Authenticator Connecting<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>and on the radius server:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>root@data:~# freeradius -X <br>
FreeRADIUS Version 2.1.9, for host x86_64-pc-linux-gnu, built on Jun 18 2010 at
03:16:00<br>
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>
PARTICULAR PURPOSE. <br>
You may redistribute copies of FreeRADIUS under the terms of the <br>
GNU General Public License v2. <br>
Starting - reading configuration files ...<br>
including configuration file /etc/freeradius/radiusd.conf<br>
including files in directory /etc/freeradius/modules/<br>
including configuration file /etc/freeradius/modules/always<br>
including configuration file /etc/freeradius/modules/chap<br>
including configuration file /etc/freeradius/modules/otp<br>
including configuration file /etc/freeradius/modules/realm<br>
including configuration file /etc/freeradius/modules/linelog<br>
including configuration file /etc/freeradius/modules/ldap<br>
including configuration file /etc/freeradius/modules/passwd<br>
including configuration file /etc/freeradius/modules/mac2ip<br>
including configuration file /etc/freeradius/modules/acct_unique<br>
including configuration file /etc/freeradius/modules/counter<br>
including configuration file /etc/freeradius/modules/inner-eap<br>
including configuration file /etc/freeradius/modules/krb5<br>
including configuration file /etc/freeradius/modules/wimax<br>
including configuration file /etc/freeradius/modules/files<br>
including configuration file /etc/freeradius/modules/expr<br>
including configuration file /etc/freeradius/modules/pap<br>
including configuration file /etc/freeradius/modules/detail.log<br>
including configuration file /etc/freeradius/modules/expiration<br>
including configuration file /etc/freeradius/modules/attr_rewrite<br>
including configuration file /etc/freeradius/modules/ippool<br>
including configuration file /etc/freeradius/modules/unix<br>
including configuration file /etc/freeradius/modules/detail.example.com<br>
including configuration file /etc/freeradius/modules/mschap<br>
including configuration file /etc/freeradius/modules/echo<br>
including configuration file /etc/freeradius/modules/mac2vlan<br>
including configuration file /etc/freeradius/modules/checkval<br>
including configuration file /etc/freeradius/modules/pam<br>
including configuration file /etc/freeradius/modules/etc_group<br>
including configuration file /etc/freeradius/modules/perl<br>
including configuration file /etc/freeradius/modules/ntlm_auth<br>
including configuration file /etc/freeradius/modules/attr_filter<br>
including configuration file /etc/freeradius/modules/preprocess<br>
including configuration file /etc/freeradius/modules/sradutmp<br>
including configuration file /etc/freeradius/modules/smbpasswd<br>
including configuration file /etc/freeradius/modules/cui<br>
including configuration file /etc/freeradius/modules/smsotp<br>
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login<br>
including configuration file /etc/freeradius/modules/detail<br>
including configuration file /etc/freeradius/modules/logintime<br>
including configuration file /etc/freeradius/modules/exec<br>
including configuration file /etc/freeradius/modules/digest<br>
including configuration file /etc/freeradius/modules/sql_log<br>
including configuration file /etc/freeradius/modules/policy<br>
including configuration file /etc/freeradius/modules/radutmp<br>
including configuration file /etc/freeradius/eap.conf<br>
main {<br>
user = "freerad"<br>
group = "freerad"<br>
allow_core_dumps = no<br>
}<br>
including dictionary file /etc/freeradius/dictionary<br>
main {<br>
prefix = "/usr"<br>
localstatedir = "/var"<br>
logdir =
"/var/log/freeradius"<br>
libdir =
"/usr/lib/freeradius"<br>
radacctdir =
"/var/log/freeradius/radacct"<br>
hostname_lookups = no<br>
max_request_time = 30<br>
cleanup_delay = 5<br>
max_requests = 1024<br>
pidfile =
"/var/run/freeradius/freeradius.pid"<br>
checkrad =
"/usr/sbin/checkrad"<br>
debug_level = 0<br>
proxy_requests = yes<br>
log {<br>
stripped_names = no<br>
auth = no<br>
auth_badpass = no<br>
auth_goodpass = no<br>
}<br>
security {<br>
max_attributes = 200<br>
reject_delay = 1<br>
status_server = yes<br>
}<br>
}<br>
radiusd: #### Loading Realms and Home Servers ####<br>
...<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>radiusd: #### Instantiating modules ####<br>
instantiate {<br>
Module: Linked to module rlm_exec<br>
Module: Instantiating exec<br>
exec {<br>
wait = no<br>
input_pairs = "request"<br>
shell_escape = yes<br>
}<br>
Module: Linked to module rlm_expr<br>
Module: Instantiating expr<br>
Module: Linked to module rlm_expiration<br>
Module: Instantiating expiration<br>
expiration {<br>
reply-message = "Password Has
Expired "<br>
}<br>
Module: Linked to module rlm_logintime<br>
Module: Instantiating logintime<br>
logintime {<br>
reply-message = "You are
calling outside your allowed timespan "<br>
minimum-timeout = 60<br>
}<br>
}<br>
radiusd: #### Loading Virtual Servers ####<br>
server {<br>
modules {<br>
Module: Checking authorize {...} for more modules to load<br>
Module: Linked to module rlm_preprocess<br>
Module: Instantiating preprocess<br>
preprocess {<br>
huntgroups =
"/etc/freeradius/huntgroups"<br>
hints =
"/etc/freeradius/hints"<br>
with_ascend_hack = no<br>
ascend_channels_per_line = 23<br>
with_ntdomain_hack = no<br>
with_specialix_jetstream_hack = no<br>
with_cisco_vsa_hack = no<br>
with_alvarion_vsa_hack = no<br>
}<br>
Module: Linked to module rlm_files<br>
Module: Instantiating files<br>
files {<br>
usersfile =
"/etc/freeradius/users"<br>
acctusersfile =
"/etc/freeradius/acct_users"<br>
preproxy_usersfile =
"/etc/freeradius/preproxy_users"<br>
compat = "no"<br>
}<br>
} # modules<br>
} # server<br>
radiusd: #### Opening IP addresses and Ports ####<br>
listen {<br>
type = "auth"<br>
ipaddr = *<br>
port = 0<br>
}<br>
Listening on authentication address * port 1812<br>
Listening on proxy address * port 1814<br>
Ready to process requests.<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>If I now try to communicate through the interface
to be authenticated I get:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>rad_recv: Access-Request packet from host
10.10.10.254 port 58798, id=45, length=118<br>
User-Name = "aa00007f9c90"<br>
NAS-Port = 119<br>
EAP-Message =
0x0200001101616130303030376639633930<br>
Message-Authenticator =
0x4ab3cccda64e92e76dfa2a97172cebca<br>
Acct-Session-Id =
"8O2.1x81eb00c2"<br>
NAS-Identifier =
"EX4200-VC"<br>
NAS-Port-Type = Virtual<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[files] returns noop<br>
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user<br>
Failed to authenticate the user.<br>
Delaying reject of request 0 for 1 seconds<br>
Going to the next request<br>
Waking up in 0.9 seconds.<br>
Sending delayed reject for request 0<br>
Sending Access-Reject of id 45 to 10.10.10.254 port 58798<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 0 ID 45 with timestamp +62<br>
Ready to process requests.<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>and on the switch it remains on:<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>ge-1/0/4.0<br>
Role: Authenticator<br>
Administrative state: Auto<br>
Supplicant mode: Multiple<br>
Number of retries: 3<br>
Quiet period: 60 seconds<br>
Transmit period: 30 seconds<br>
Mac Radius: Disabled<br>
Mac Radius Strict: Enabled<br>
Reauthentication: Enabled Reauthentication interval: 3600 seconds<br>
Supplicant timeout: 30 seconds<br>
Server timeout: 30 seconds<br>
Maximum EAPOL requests: 2<br>
Guest VLAN member: <br>
Number of connected supplicants: 1<br>
Supplicant: aa00007f9c90, AA:00:00:7F:9C:90<br>
Operational state: Authenticating<br>
Authentcation method: Radius<br>
Authenticated VLAN: configured/default<br>
Reauthentication due in 0 seconds<o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Any clues?<o:p></o:p></span></p>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>freenetMail
- Der zuverlässige E-Mail-Dienst von freenet.de<br>
Jetzt kostenlose E-Mail-Adresse mit 1 GB Speicher und Profi-Spamschutz sichern!<br>
<a href="http://tls.freenet.de/tipp/1gb-speicher/index.html" target="_blank">Sofort
anmelden!</a><o:p></o:p></span></p>
</div>
</div>
</body>
</html>