Hello, I'm trying to have a WiFi client to be authenticated in the OPEN+MAC method The AP is already known as a client of the Freeradius and any other form of Radius authentication i tried worked so far (WPA, WPA2) I'm using PEAP and the clients are Windows XP (if it makes any difference) I created a new user with the MAC address of the client as the user and password : (this is a none internet connected client) ###this is for OPEN+MAC AUTH 00C0CA32A157 Cleartext-Password := "00C0CA32A157" ####### and i keep getting this error when it's trying to get the IP from the DHCP Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.10.10.3 port 55965, id=5, length=128 User-Name = "00c0ca32a157" User-Password = "00c0ca32a157" Calling-Station-Id = "00-C0-CA-32-A1-57" NAS-IP-Address = 10.10.10.3 Called-Station-Id = "00-18-25-02-11-D2:103-mac" Service-Type = Framed-User NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Framed-MTU = 1400 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "00c0ca32a157", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 00c0ca32a157 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 5 to 10.10.10.3 port 55965 Waking up in 4.9 seconds. Cleaning up request 0 ID 5 with timestamp +12 Ready to process requests. what am i missing? or (however unlikely) freeradius does not support this type of authentication any more? Thank you -- ____ Sometimes you just glow in the dark...
Tzvika Gelber wrote:
I created a new user with the MAC address of the client as the user and password : ... 00C0CA32A157 Cleartext-Password := "00C0CA32A157" ... User-Name = "00c0ca32a157" User-Password = "00c0ca32a157"
You do realize that they are different, right? The comparisons in the users file are case-sensitive. Alan DeKok.
participants (2)
-
Alan DeKok -
Tzvika Gelber