Hello, I would like to setup two WLAN networks on one AP with different VLAN.
From Radius I need MAC authorization for network #1 and WPA(PEAP) authorization for network #2.
I have successfully setup both types of authorization separately. Could you please correct me about mac authorization. In my debug log I see mac authorization request : rad_recv: Access-Request packet from host 10.10.10.139:6001, id=7, length=115 User-Name = "00-18-de-4e-8f-1d" User-Password = "secret" NAS-IP-Address = x.x.x.139 Called-Station-Id = "00-20-a6-64-66-a3:A" Calling-Station-Id = "00-18-de-4e-8f-1d" NAS-Port = 2 NAS-Port-Type = Wireless-802.11 I have this entry in my users file : 00-18-de-4e-8f-1d Auth-Type:=Local, User-Password == "secret" Is this correct(right) way to control MAC addresses thought radius? Another question is : what is correct way to separate two types(MAC&PEAP) of requests to radius server? At this moment I have situation when my MAC request tries to authorize thought LDAP and only afterward looks in users file. rad_recv: Access-Request packet from host 89.113.128.139:6001, id=7, length=115 User-Name = "00-18-de-4e-8f-1d" User-Password = "secret" NAS-IP-Address = 89.113.128.139 Called-Station-Id = "00-20-a6-64-66-a3:A" Calling-Station-Id = "00-18-de-4e-8f-1d" NAS-Port = 2 NAS-Port-Type = Wireless-802.11 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "00-18-de-4e-8f-1d", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_realm: No '\' in User-Name = "00-18-de-4e-8f-1d", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry 00-18-de-4e-8f-1d at line 2 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for 00-18-de-4e-8f-1d radius_xlat: '(&(uid=00-18-de-4e-8f-1d)(objectClass=posixAccount))' radius_xlat: 'dc=x,dc=xxx,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as / to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=x,dc=xxx,dc=com, with filter (&(uid=00-18-de-4e-8f-1d)(objectClass=posixAccount)) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 7 to xx.xx.xx.139 port 6001 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 7 with timestamp 47c698d Thank a lot Era