Hello,
I would like to setup two
WLAN networks on one AP with different VLAN.
From Radius I need MAC authorization for
network #1 and WPA(PEAP) authorization for network #2.
I have successfully setup both types of
authorization separately.
Could you please correct me about mac
authorization.
In my debug log I see mac authorization request
:
rad_recv: Access-Request packet from host 10.10.10.139:6001,
id=7, length=115
User-Name =
"00-18-de-4e-8f-1d"
User-Password = "secret"
NAS-IP-Address = x.x.x.139
Called-Station-Id =
"00-20-a6-64-66-a3:A"
Calling-Station-Id =
"00-18-de-4e-8f-1d"
NAS-Port = 2
NAS-Port-Type = Wireless-802.11
I have this entry in my users file :
00-18-de-4e-8f-1d Auth-Type:=Local,
User-Password == "secret"
Is this correct(right) way to control MAC addresses
thought radius?
Another question is : what is correct way
to separate two types(MAC&PEAP) of requests to radius server?
At this moment I have situation when my MAC
request tries to authorize thought LDAP and only afterward looks in users file.
rad_recv: Access-Request packet from host
89.113.128.139:6001, id=7, length=115
User-Name =
"00-18-de-4e-8f-1d"
User-Password = "secret"
NAS-IP-Address = 89.113.128.139
Called-Station-Id =
"00-20-a6-64-66-a3:A"
Calling-Station-Id =
"00-18-de-4e-8f-1d"
NAS-Port = 2
NAS-Port-Type = Wireless-802.11
Processing the authorize section of
radiusd.conf
modcall: entering group authorize for request
0
modcall[authorize]: module
"preprocess" returns ok for request 0
modcall[authorize]: module
"chap" returns noop for request 0
modcall[authorize]: module
"mschap" returns noop for request 0
rlm_realm: No '@' in User-Name =
"00-18-de-4e-8f-1d", looking up realm NULL
rlm_realm: No such realm
"NULL"
modcall[authorize]: module
"suffix" returns noop for request 0
rlm_realm: No '\' in User-Name =
"00-18-de-4e-8f-1d", looking up realm NULL
rlm_realm: No such realm
"NULL"
modcall[authorize]: module
"ntdomain" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module
"eap" returns noop for request 0
users: Matched entry 00-18-de-4e-8f-1d
at line 2
modcall[authorize]: module
"files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for
00-18-de-4e-8f-1d
radius_xlat:
'(&(uid=00-18-de-4e-8f-1d)(objectClass=posixAccount))'
radius_xlat: 'dc=x,dc=xxx,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389,
authentication 0
rlm_ldap: bind as / to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=x,dc=xxx,dc=com,
with filter (&(uid=00-18-de-4e-8f-1d)(objectClass=posixAccount))
rlm_ldap: object not found or got ambiguous
search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module
"ldap" returns notfound for request 0
modcall: leaving group authorize (returns
ok) for request 0
rad_check_password: Found Auth-Type
Local
auth: type Local
auth: user supplied User-Password matches
local User-Password
Sending Access-Accept of id 7 to xx.xx.xx.139
port 6001
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 7 with timestamp
47c698d
Thank a lot
Era