Problems regarding MAC address authentication
Shobhit Jindal
shobhit.jindal at ece08.itbhu.org
Mon Feb 12 23:37:08 CET 2007
Yeah, upgrading is high on my list :)
rlm_passwd says it provides authorization via files, but I need it via LDAP.
I didn't get much from your reply; here's what I am doing presently.
Please suggest how I should proceed.
*********************************************************************************************************
LDAP user:
dn: uid=ashimece,cn=Ece08,cn=Students,dc=itweb
uid: ashimece
userPassword: jindal
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
objectClass: radiusprofile
cn: Ashim Dutta
radiusCallingStationId: 00-90-4B-ED-AB-52
Logs of authentication:
*********************************************************************************************************
when MAC ID is correct
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.9.1.2:1088, id=8, length=249
Message-Authenticator = 0x1aefde709d0282b89e74ef5d2df3e4ac
Service-Type = Framed-User
User-Name = "ashimece"
Framed-MTU = 1488
State = 0xefc4f78cf9a0a3f62c93cd748bf36547
Called-Station-Id = "00-15-E9-C9-5F-C0: Dr.CVR24"
Calling-Station-Id = "00-90-4B-ED-AB-52"
NAS-Identifier = "D-link Corp. Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020800261900170301001bb0362047836069aff6d4a653b9d47e05dcaa105bfa0926b49c0ab2
NAS-IP-Address = 10.9.1.2
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
modcall[authorize]: module "preprocess" returns ok for request 18
modcall[authorize]: module "chap" returns noop for request 18
modcall[authorize]: module "mschap" returns noop for request 18
rlm_realm: No '@' in User-Name = "ashimece", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 18
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 18
users: Matched DEFAULT at 152
users: Matched DEFAULT at 171
modcall[authorize]: module "files" returns ok for request 18
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ashimece
radius_xlat: '(uid=ashimece)'
radius_xlat: 'dc=itweb'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=itweb, with filter (uid=ashimece)
rlm_ldap: checking if remote access for ashimece is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-90-4B-ED-AB-52 & op=21
rlm_ldap: Adding userPassword as User-Password, value jindal & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user ashimece authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 18
modcall: group authorize returns updated for request 18
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 18
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 18
modcall: group authenticate returns ok for request 18
Sending Access-Accept of id 8 to 10.9.1.2:1088
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
MS-MPPE-Recv-Key = 0xfdd87b133b79449727654aa3a681ee48d891ee6ff1685344159acbc3ff02d820
MS-MPPE-Send-Key = 0xdcbb432b81d40d6e1d189527a911932a7b161f8b68ba2ee06e862c455967699e
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "ashimece"
Finished request 18
Going to the next request
Waking up in 6 seconds...
*********************************************************************************************************
when MAC ID is *NOT* correct but is authenticated successfully
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.9.1.2:1088, id=17, length=249
Message-Authenticator = 0xaab5be28b7a3198b4432458ae62e1905
Service-Type = Framed-User
User-Name = "ashimece"
Framed-MTU = 1488
State = 0xdfdb9e22d8d2452e0a4c3daf52e757f6
Called-Station-Id = "00-15-E9-C9-5F-C0:Dr.CVR24"
Calling-Station-Id = " 00-90-4B-ED-AB-52"
NAS-Identifier = "D-link Corp. Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x021100261900170301001ba1bc4bf393dc67e00b5d456b4eda44e73fdef7b14ba0558ecbe493
NAS-IP-Address = 10.9.1.2
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 27
modcall[authorize]: module "preprocess" returns ok for request 27
modcall[authorize]: module "chap" returns noop for request 27
modcall[authorize]: module "mschap" returns noop for request 27
rlm_realm: No '@' in User-Name = "ashimece", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 27
rlm_eap: EAP packet type response id 17 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 27
users: Matched DEFAULT at 152
users: Matched DEFAULT at 171
modcall[authorize]: module "files" returns ok for request 27
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ashimece
radius_xlat: '(uid=ashimece)'
radius_xlat: 'dc=itweb'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=itweb, with filter (uid=ashimece)
rlm_ldap: checking if remote access for ashimece is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-90-4B-ED-AB-00 & op=21
rlm_ldap: Adding userPassword as User-Password, value jindal & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user ashimece authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 27
modcall: group authorize returns updated for request 27
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 27
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 27
modcall: group authenticate returns ok for request 27
Sending Access-Accept of id 17 to 10.9.1.2:1088
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
MS-MPPE-Recv-Key = 0x777bb3e1d089ab4d06e5d17cc4e75e1ce71c8a31f7ac06cf193ac2aca893eca9
MS-MPPE-Send-Key = 0x485bd639e4f35fb4fe39fe954d6a1959f3d25f149b53d22c180716bac82abac9
EAP-Message = 0x03110004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "ashimece"
Finished request 27
Going to the next request
Waking up in 5 seconds...
*********************************************************************************************************
when MAC ID is correct BUT ldap *filter* is changed from uid to radiusCallingStationId but is *NOT* authenticated
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.9.1.2:1089, id=7, length=249
Message-Authenticator = 0xef805c6611b81ccd4e57f0a01b5a56b2
Service-Type = Framed-User
User-Name = "ashimece"
Framed-MTU = 1488
State = 0xaf77bba9c6823b2507d129594c59a524
Called-Station-Id = "00-15-E9-C9-5F-C0: Dr.CVR24"
Calling-Station-Id = "00-90-4B-ED-AB-52"
NAS-Identifier = "D-link Corp. Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020700261900170301001bd7bb65c7f80981315f61ec2779f602c81f4ec09c0c92babb82aacb
NAS-IP-Address = 10.9.1.2
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
modcall[authorize]: module "preprocess" returns ok for request 15
modcall[authorize]: module "chap" returns noop for request 15
modcall[authorize]: module "mschap" returns noop for request 15
rlm_realm: No '@' in User-Name = "ashimece", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 15
rlm_eap: EAP packet type response id 7 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
users: Matched DEFAULT at 152
users: Matched DEFAULT at 171
modcall[authorize]: module "files" returns ok for request 15
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ashimece
radius_xlat: '(radiusCallingStationId=00-90-4B-ED-AB-52)'
radius_xlat: 'dc=itweb'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=itweb, with filter (radiusCallingStationId=00-90-4B-ED-AB-52)
rlm_ldap: checking if remote access for ashimece is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-90-4B-ED-AB-52 & op=21
rlm_ldap: Adding userPassword as User-Password, value jindal & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user ashimece authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 15
modcall: group authorize returns updated for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 15
modcall: group authenticate returns invalid for request 15
auth: Failed to validate the user.
Delaying request 15 for 1 seconds
Finished request 15
Going to the next request
Waking up in 6 seconds...
--
Registered Linux User #426561
-
Shobhit Jindal
B.Tech. Part-III,
Department Of Electronics Engineering, ITBHU
INDIA
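
Added example (not part of the original post and not FreeRADIUS code): a Python check that scans debug output in the format shown above and reports every request that received an Access-Accept although the Calling-Station-Id sent by the NAS differs from the value rlm_ldap loaded from radiusCallingStationId. The sample log is constructed from the lines in the post, and the function and field names are hypothetical.

```python
import re

# Constructed sample in the debug-log format shown in the post (trimmed to the
# lines the check needs); the first request keeps the e-mail line wrap and the
# leading space seen in the posted Calling-Station-Id.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 10.9.1.2:1088, id=17, length=249
Calling-Station-Id = " 00-90-4B-ED-AB-52"
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-90-4B-ED-AB-00 & op=21
Sending Access-Accept of id 17 to 10.9.1.2:1088
Finished request 27
rad_recv: Access-Request packet from host 10.9.1.2:1088, id=8, length=249
Calling-Station-Id = "00-90-4B-ED-AB-52"
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-90-4B-ED-AB-52 & op=21
Sending Access-Accept of id 8 to 10.9.1.2:1088
Finished request 18
"""

SENT_RE = re.compile(r'^\s*Calling-Station-Id = "([^"]*)"', re.M)
CHECK_RE = re.compile(r"as Calling-Station-Id, value\s+(\S+)\s+& op=")
ACCEPT_RE = re.compile(r"^Sending Access-Accept of id (\d+)", re.M)
FINISHED_RE = re.compile(r"^Finished request (\d+)", re.M)


def normalise_mac(value):
    """Reduce a MAC to 12 upper-case hex digits, ignoring separators and spaces."""
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()


def find_unenforced_mac_checks(log_text):
    """Return accepted requests whose sent MAC differs from the directory value."""
    findings = []
    for block in re.split(r"(?m)^rad_recv:", log_text):
        sent, check = SENT_RE.search(block), CHECK_RE.search(block)
        if not (sent and check and ACCEPT_RE.search(block)):
            continue  # no MAC on either side, or the request was not accepted
        got, want = normalise_mac(sent.group(1)), normalise_mac(check.group(1))
        if got != want:
            finished = FINISHED_RE.search(block)
            findings.append({"request": int(finished.group(1)) if finished else None,
                             "sent": got, "expected": want})
    return findings


if __name__ == "__main__":
    for f in find_unenforced_mac_checks(SAMPLE_LOG):
        print("request %(request)s accepted: NAS sent %(sent)s, directory has %(expected)s" % f)
```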