Freeradius + LDAP + EAP-TTLS with PAP cannot login

[Andreas Wetzel]

Alan DeKok wrote:
> Andreas Wetzel wrote:
>> Did anybody notice, that hostapd *always* sends a NAS-Port with a value of 0
>> for *any* connected station? This happens for me with the hostapd 0.4.8
>> included with FreeBSD 6.2, as well as with hostapd 0.5.8. And it is presumably
>> the reason, why I cannot seem to get radwho to function properly. The radutmp
>> module seems to use a combination of NAS-Identifier and NAS-Port to
>> differentiate it's records. When station-B associates to the AP, the radutmp
>> record for station-A gets overwritten :-(
> 
>   Many AP's do something similar.  Since the connection between the end
> host and the AP is wireless, there's no physical port for them to
> connect to.  So there's no physical port to report to the RADIUS server.

Yes, but in the case of hostapd I believe this is a bug. Internally it assigns
IDs starting at index 1, which should go into the NAS-Port attribute. But for
some reason it always ends up with 0. Another issue is the Acct-Session-Id
attribute, which also seems to always contain '00000000-00000000'. And if
you have freeradius send an Acct-Session-Id in the Access-Accept reply using
the acct_unique module, it is simply ignored by hostapd.

>   The solution on the RADIUS server is to have a "utmp" file with a
> configurable key.  In this case, you would use the client MAC address.
> 
>   However, doing that involves re-writing the radutmp module.  It also
> needs to be re-written to support IPv6, too.

... and needs to be rewritten to support a string, long enough to hold the
17 character MAC-address string from the Calling-Station-Id attribute :-)

Andreas

-- 
Keep it icy man.
I don't want to end up a corpse before my time because you were daydreaming.