<DIV>Hello,</DIV>
<DIV> </DIV>
<DIV>What is the parameter name for freeradius access requet ID?</DIV>
<DIV> </DIV>
<DIV>For example, </DIV>
<DIV>Called-Station-Id = "46-E7-CF-62-78-11"</DIV>
<DIV>Called-Station-Id is the parameter name for NAS MAC address.</DIV>
<DIV> </DIV>
<DIV>Thanks!</DIV>
<DIV> </DIV>
<DIV>Tom</DIV>
<DIV> </DIV>
<DIV><BR> </DIV>
<DIV><includetail>
<DIV> </DIV>
<DIV> </DIV>
<DIV style="COLOR: #000">
<DIV style="PADDING-BOTTOM: 2px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: Arial Narrow; FONT-SIZE: 12px; PADDING-TOP: 2px">------------------ Original ------------------</DIV>
<DIV style="PADDING-BOTTOM: 8px; PADDING-LEFT: 8px; PADDING-RIGHT: 8px; BACKGROUND: #efefef; FONT-SIZE: 12px; PADDING-TOP: 8px">
<DIV id=menu_sender><B>From: </B> "freeradius-users"<freeradius-users-request@lists.freeradius.org>;</DIV>
<DIV><B>Date: </B> Fri, Apr 20, 2012 08:12 AM</DIV>
<DIV><B>To: </B> "freeradius-users"<freeradius-users@lists.freeradius.org>; <WBR></DIV>
<DIV></DIV>
<DIV><B>Subject: </B> Freeradius-Users Digest, Vol 84, Issue 60</DIV></DIV>
<DIV> </DIV>Send Freeradius-Users mailing list submissions to<BR>freeradius-users@lists.freeradius.org<BR><BR>To subscribe or unsubscribe via the World Wide Web, visit<BR>http://lists.freeradius.org/mailman/listinfo/freeradius-users<BR>or, via email, send a message with subject or body 'help' to<BR>freeradius-users-request@lists.freeradius.org<BR><BR>You can reach the person managing the list at<BR>freeradius-users-owner@lists.freeradius.org<BR><BR>When replying, please edit your Subject line so it is more specific<BR>than "Re: Contents of Freeradius-Users digest..."<BR><BR><BR>Today's Topics:<BR><BR> 1. Re: Perl, MySQL & auth (Fabricio Flores)<BR> 2. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (alan buxey)<BR> 3. Re: Perl, MySQL & auth (alan buxey)<BR> 4. Re: using windows 8's builtin eap-ttls... Windows 8 bug<BR> (Matthew Newton)<BR> 5. Re: using windows 8's builtin eap-ttls... Windows 8 bug<BR> (alan buxey)<BR> 6. Re: Perl, MySQL & auth (Fabricio Flores)<BR><BR><BR>----------------------------------------------------------------------<BR><BR>Message: 1<BR>Date: Thu, 19 Apr 2012 10:48:28 -0500<BR>From: Fabricio Flores <fabrifloresg@gmail.com><BR>To: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: Perl, MySQL & auth<BR>Message-ID:<BR><CAJfLZm94kTamUafQf5QNxs95yOti9zEEy3bQNNvb4zPdw4dAnQ@mail.gmail.com><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>Hi... I worked in my perl script... i did the conection to the web service<BR>and it works... I configure freeradius (add perl and sql) in auth section,<BR>I made a debug with freeradius -X but I don?t know if freeradius read the<BR>perl script before work with mysql... i have this output:<BR>rad_recv: Access-Request packet from host 127.0.0.1 port 45894, id=120,<BR>length=62<BR>User-Name = "1104015936"<BR>User-Password = "fabricio1"<BR>NAS-IP-Address = 127.0.1.1<BR>NAS-Port = 1812<BR># Executing section authorize from file<BR>/etc/freeradius/sites-enabled/default<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>++[digest] returns noop<BR>[suffix] No '@' in User-Name = "usuario", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] No EAP-Message, not doing EAP<BR>++[eap] returns noop<BR>++[files] returns noop<BR>rlm_perl: Added pair User-Name = usuario<BR>rlm_perl: Added pair User-Password = clave<BR>rlm_perl: Added pair NAS-Port = 1812<BR>rlm_perl: Added pair NAS-IP-Address = 127.0.1.1<BR>++[perl] returns ok<BR>[sql] expand: %{User-Name} -> 1104015936<BR>[sql] sql_set_user escaped user --> 'usuario'<BR>rlm_sql (sql): Reserving sql socket id: 2<BR>[sql] expand: SELECT id, username, attribute, value, op FROM<BR>radcheck WHERE username = '%{SQL-User-Name}' ORDER BY<BR>id -> SELECT id, username, attribute, value, op FROM radcheck<BR> WHERE username = 'usuario' ORDER BY id<BR>[sql] expand: SELECT groupname FROM radusergroup WHERE<BR>username = '%{SQL-User-Name}' ORDER BY priority -> SELECT<BR>groupname FROM radusergroup WHERE username = 'usuario'<BR> ORDER BY priority<BR>rlm_sql (sql): Released sql socket id: 2<BR>[sql] User usuario not found<BR>++[sql] returns notfound<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>[pap] WARNING! No "known good" password found for the user. Authentication<BR>may fail because of this.<BR>++[pap] returns noop<BR>ERROR: No authenticate method (Auth-Type) found for the request: Rejecting<BR>the user<BR>Failed to authenticate the user.<BR>Using Post-Auth-Type Reject<BR># Executing group from file /etc/freeradius/sites-enabled/default<BR>+- entering group REJECT {...}<BR>[attr_filter.access_reject] expand: %{User-Name} -> usuario<BR> attr_filter: Matched entry DEFAULT at line 11<BR>++[attr_filter.access_reject] returns updated<BR>Delaying reject of request 1 for 1 seconds<BR>Going to the next request<BR>Waking up in 0.9 seconds.<BR>Sending delayed reject for request 1<BR>Sending Access-Reject of id 120 to 127.0.0.1 port 45894<BR>Waking up in 4.9 seconds.<BR>Cleaning up request 1 ID 120 with timestamp +410<BR>Ready to process requests.<BR><BR><BR><BR>El 9 de abril de 2012 16:49, Fajar A. Nugraha <list@fajar.net> escribi?:<BR><BR>> On Mon, Apr 9, 2012 at 10:49 PM, Fabricio Flores <fabrifloresg@gmail.com><BR>> wrote:<BR>> > is possible to use the perl and mysql in authorization section? in<BR>><BR>> As I've already said, yes.<BR>><BR>> --<BR>> Fajar<BR>> -<BR>> List info/subscribe/unsubscribe? See<BR>> http://www.freeradius.org/list/users.html<BR>><BR><BR><BR><BR>-- <BR>Fabricio A. Flores G.<BR>Egresado en Ingenier?a en Sistemas<BR><BR>MSN: fabri_floresg@hotmail.com<BR>Google: fabrifloresg@gmail.com<BR>Twitter: fabricioflores<BR>Skype: fabriciofloresgallardo<BR><BR>Blog Personal <http://fabricioflores.wordpress.com/><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120419/c221d954/attachment-0001.html><BR><BR>------------------------------<BR><BR>Message: 2<BR>Date: Thu, 19 Apr 2012 16:53:42 +0100<BR>From: alan buxey <A.L.M.Buxey@lboro.ac.uk><BR>To: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.<BR>Message-ID: <20120419155342.GD1845@lboro.ac.uk><BR>Content-Type: text/plain; charset=us-ascii<BR><BR>hi,<BR><BR>quick look seems to show that you dont have a suitable authorise<BR>section in the inner tunnel.<BR><BR>the tunnel gets started...your client rejects the default md5 <BR>the server sent - and EAP-TTLS gets done...the username/password<BR>gets sent but has nothing to go against.... so I suggest<BR>you add <BR><BR>'ldap' to the inner-tunnel virtual server (in same way that ldap and<BR>LDAP are defined in default server...)<BR><BR>alan<BR><BR><BR>------------------------------<BR><BR>Message: 3<BR>Date: Thu, 19 Apr 2012 16:56:10 +0100<BR>From: alan buxey <A.L.M.Buxey@lboro.ac.uk><BR>To: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: Perl, MySQL & auth<BR>Message-ID: <20120419155610.GE1845@lboro.ac.uk><BR>Content-Type: text/plain; charset=utf-8<BR><BR>Hi,<BR><BR>> Hi... I worked in my perl script... i did the conection to the web service<BR>> and it works... I configure freeradius (add perl and sql) in auth section,<BR>> I made a debug with freeradius -X but I don?t know if freeradius read the<BR>> perl script before work with mysql... i have this output:<BR><BR>the logs show the perl being called before the sql...and the sql failing with<BR>usuario userid not being found<BR><BR><BR>alan<BR><BR><BR>------------------------------<BR><BR>Message: 4<BR>Date: Thu, 19 Apr 2012 19:53:13 +0100<BR>From: Matthew Newton <mcn4@leicester.ac.uk><BR>To: aman.arneja@microsoft.com<BR>Cc: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: using windows 8's builtin eap-ttls... Windows 8 bug<BR>Message-ID: <20120419185313.GC10911@rootmail.cc.le.ac.uk><BR>Content-Type: text/plain; charset=us-ascii<BR><BR>Hi Aman,<BR><BR>(I'm copying freeradius-users to feedback to the thread, but<BR>as it's not really a FR issue I'm happy for you to take this<BR>off-list if you want any more details/testing).<BR><BR>On Mon, Mar 05, 2012 at 08:19:15PM +0000, Alan Buxey wrote:<BR>> right. interesting. I've just been looking into Windows 8 and I found<BR>> that if I chose a non-EAP method with TTLS (eg PAP or MSCHAP) then it<BR>> didnt work. but if I chose an EAP method with TTLS - eg EAP-MSCHAPv2 then<BR>> it worked fine. so more needs to be looked at there.<BR><BR>We've been digging into this a bit more and testing the TTLS<BR>support with Windows 8. Really nice to see more options than just<BR>PEAP at last :-)<BR><BR>There seems to be a bug in the Windows 8 TTLS ACK, which means<BR>that EAP-TTLS/MS-CHAPv2 doesn't work (EAP-TTLS/MSCHAP and<BR>EAP-TTLS/EAP-MSCHAP-V2 are OK).<BR><BR>Having received an Access-Accept from the inner tunnel (after the<BR>mschap module succeeded), FreeRADIUS sends an Access-Challenge<BR>back to the NAS. See src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c:675.<BR><BR>The end device should respond to the challenge with a TTLS ACK.<BR>RFC 5281 s9.2.3 says:<BR><BR> "An Acknowledgement packet is an EAP-TTLS packet with no<BR> additional data beyond the Flags octet, and with the L, M, and S<BR> bits of the Flags octet set to 0. (Note, however, that the V<BR> field MUST still be set to the appropriate version number.)"<BR><BR>(this is correctly handled in FR src/modules/rlm_eap/libeap/eap_tls.c:375)<BR><BR>The EAP-Message in the resulting Access-Request from Win8 is:<BR><BR> EAP-Message = 0x020b000a158000000000<BR><BR>Which is Response / id 11 / length 10 / type TTLS, then:<BR> flags 0x80 ('length included') followed by a length of 00000000.<BR><BR>Note the RFC says that no additional data beyond Flags, and L/M/S<BR>all set to 0 - here, L is set to 1, so it's not a correctly formed<BR>ACK (albeit looking like one with Length set to 0), so FR bombs<BR>out with:<BR><BR>[eap] processing type ttls<BR>[ttls] Authenticate<BR>[ttls] processing EAP-TLS<BR> TLS Length 0<BR>[ttls] Length Included<BR>[ttls] eaptls_verify returned 11 <BR>[ttls] SSL_read Error<BR>[ttls] Error in fragmentation logic<BR>[ttls] eaptls_process returned 4 <BR>[eap] Handler failed in EAP/ttls<BR>[eap] Failed in EAP select<BR>++[eap] returns invalid<BR>Failed to authenticate the user.<BR><BR><BR>eapol_test with EAP-TTLS/MSCHAP-v2 works fine, and sends the TTLS<BR>ACK back as:<BR><BR> EAP-Message = 0x020800061500<BR><BR>which is fine - flags all 0, no TTLS length supplied.<BR><BR><BR>Windows 8 with EAP-TTLS/MSCHAP is also fine, as there is no<BR>Access-Challenge sent; it's a direct Access-Accept with<BR>EAP-Message 0x030a0004 (Success).<BR><BR>As Alan noted, EAP-TTLS/EAP-MSCHAP-V2 also seems fine.<BR><BR>Cheers,<BR><BR>Matthew<BR><BR><BR><BR>-- <BR>Matthew Newton, Ph.D. <mcn4@le.ac.uk><BR><BR>Systems Architect (UNIX and Networks), Network Services,<BR>I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom<BR><BR>For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk><BR><BR><BR>------------------------------<BR><BR>Message: 5<BR>Date: Thu, 19 Apr 2012 22:02:27 +0100<BR>From: alan buxey <A.L.M.Buxey@lboro.ac.uk><BR>To: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Cc: "aman.arneja@microsoft.com" <aman.arneja@microsoft.com><BR>Subject: Re: using windows 8's builtin eap-ttls... Windows 8 bug<BR>Message-ID: <20120419210227.GA2768@lboro.ac.uk><BR>Content-Type: text/plain; charset=us-ascii<BR><BR>Hi,<BR><BR>> We've been digging into this a bit more and testing the TTLS<BR>> support with Windows 8. Really nice to see more options than just<BR>> PEAP at last :-)<BR><BR>thanks for the further testing/verification Matthew :-)<BR><BR>alan<BR><BR><BR>------------------------------<BR><BR>Message: 6<BR>Date: Thu, 19 Apr 2012 19:12:36 -0500<BR>From: Fabricio Flores <fabrifloresg@gmail.com><BR>To: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: Perl, MySQL & auth<BR>Message-ID:<BR><CAJfLZm88gdUSMR8bNZhmiKuP_Hp2QT3Jm6ODyLQmhL2K6LMgAA@mail.gmail.com><BR>Content-Type: text/plain; charset="utf-8"<BR><BR>ok i start the freeradius with freeradius -x and i have this error:<BR><BR>Can't load '/usr/lib/perl5/auto/DBI/DBI.so' for module DBI:<BR>/usr/lib/perl5/auto/DBI/DBI.so: undefined symbol: PL_memory_wrap at<BR>/usr/lib/perl/5.12/DynaLoader.pm line 192.<BR><BR>I read in another post that is an error because i use dbi of perl... so i<BR>started freeradius with:<BR><BR>LD_PRELOAD=/usr/lib/libperl.so.5.12.4 freeradius -X<BR><BR>in this way freeradius daemon starts but in the freeradius log i have this:<BR>Thu Apr 19 18:27:55 2012 : Info: Loaded virtual server inner-tunnel<BR>Thu Apr 19 18:27:55 2012 : Error: rlm_perl: perl_parse failed:<BR>/etc/freeradius/example.pl not found or has syntax errors.<BR>Thu Apr 19 18:27:55 2012 : Error: /etc/freeradius/modules/perl[7]:<BR>Instantiation failed for module "perl"<BR>Thu Apr 19 18:27:55 2012 : Error:<BR>/etc/freeradius/sites-enabled/default[265]: Failed to load module "perl".<BR>Thu Apr 19 18:27:55 2012 : Error:<BR>/etc/freeradius/sites-enabled/default[265]: Failed to parse "perl" entry.<BR>Thu Apr 19 18:27:55 2012 : Error: Failed to load virtual server <default><BR><BR>i test the perl script without freeradius variables and it works<BR><BR>El 19 de abril de 2012 10:56, alan buxey <A.L.M.Buxey@lboro.ac.uk> escribi?:<BR><BR>> Hi,<BR>><BR>> > Hi... I worked in my perl script... i did the conection to the web<BR>> service<BR>> > and it works... I configure freeradius (add perl and sql) in auth<BR>> section,<BR>> > I made a debug with freeradius -X but I don?t know if freeradius read<BR>> the<BR>> > perl script before work with mysql... i have this output:<BR>><BR>> the logs show the perl being called before the sql...and the sql failing<BR>> with<BR>> usuario userid not being found<BR>><BR>><BR>> alan<BR>> -<BR>> List info/subscribe/unsubscribe? See<BR>> http://www.freeradius.org/list/users.html<BR>><BR><BR><BR><BR>-- <BR>Fabricio A. Flores G.<BR>Egresado en Ingenier?a en Sistemas<BR><BR>MSN: fabri_floresg@hotmail.com<BR>Google: fabrifloresg@gmail.com<BR>Twitter: fabricioflores<BR>Skype: fabriciofloresgallardo<BR><BR>Blog Personal <http://fabricioflores.wordpress.com/><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120419/ef1c1158/attachment.html><BR><BR>------------------------------<BR><BR>-<BR>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR><BR>End of Freeradius-Users Digest, Vol 84, Issue 60<BR>************************************************<BR></DIV></includetail></DIV>