rad_recv: Access-Request packet from host 139.184.6.42 port 1141, id=42, length=151 User-Name = "ac221" NAS-IP-Address = 127.0.0.1 NAS-Port = 1 Called-Station-Id = "00-14-C2-B6-7D-32:eduroam" Calling-Station-Id = "00-19-E3-0C-CD-58" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000a016163323231 Message-Authenticator = 0xae11e154e1819b9fde40d27a0147ad04 Processing the authorize section of radiusd.conf +- entering group authorize ++? if ("%{NAS-IP-Address}" == "127.0.0.1") expand: %{NAS-IP-Address} -> 127.0.0.1 ? Evaluating ("%{NAS-IP-Address}" == "127.0.0.1") -> TRUE ++? if ("%{NAS-IP-Address}" == "127.0.0.1") -> TRUE ++- entering if ("%{NAS-IP-Address}" == "127.0.0.1") expand: %{Packet-Src-IP-Address} -> 139.184.6.42 Bus error
*narrowed*
authorize { # Some devices send their loopback address as Nas IP Address, overwrite this with packet source. if("%{NAS-IP-Address}" == "127.0.0.1"){ update request { NAS-IP-Address := "%{Packet-Src-IP-Address}" } } }
Heh, located the issue with the access point... If you tell it to fail over to it's internal RADIUS server after trying the primary and secondary, it'll send 127.0.0.1 to the primary and secondary too ... fun. My faith has wained quite a bit in the quality of HP products since starting this project *sigh*. -- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900