User-Name issue and mac based authentication
Hi there, I'm using Free radius for Mac Address authentication. When a use tcpdump on the radius server, the Radius Request packet contains all the mac Address. But in the "radiusd -X" output, the User-Name is truncated. The last digit is erased and so the device is rejected. Any help is appreciated. -- *Fabien COMBERNOUS* /unix system engineer/ www.kezia.com <http://www.kezia.com/> *Tel: +33 (0) 467 992 986* Kezia Group
Fabien COMBERNOUS wrote:
I'm using Free radius for Mac Address authentication.
When a use tcpdump on the radius server, the Radius Request packet contains all the mac Address. But in the "radiusd -X" output, the User-Name is truncated. The last digit is erased and so the device is rejected.
Please *show* the output of tcpdump && "radiusd -X". My guess is that you're looking at different fields in tcpdump && "radiusd -X". i.e. The server accepts all fields as the NAS sends them. It does not truncate or delete anything unless you specifically tell it to do that. Alan DeKok.
Alan DeKok wrote:
Fabien COMBERNOUS wrote:
I'm using Free radius for Mac Address authentication.
When a use tcpdump on the radius server, the Radius Request packet contains all the mac Address. But in the "radiusd -X" output, the User-Name is truncated. The last digit is erased and so the device is rejected.
Please *show* the output of tcpdump && "radiusd -X". My guess is that you're looking at different fields in tcpdump && "radiusd -X".
i.e. The server accepts all fields as the NAS sends them. It does not truncate or delete anything unless you specifically tell it to do that.
It is exactly what i thouht.The tcpdump showed that radius use what it received. We found the source of the issue. It was the nas (switch). The last version of its firware was bugged. Thank you for reading. Best regards, -- *Fabien COMBERNOUS* /unix system engineer/ www.kezia.com <http://www.kezia.com/> *Tel: +33 (0) 467 992 986* Kezia Group
participants (2)
-
Alan DeKok -
Fabien COMBERNOUS