Freeradius + LDAP + EAP-TTLS with PAP cannot login
Andreas Wetzel
mickey242 at gmx.net
Wed Jul 4 12:07:52 CEST 2007
Alan DeKok wrote:
> Andreas Wetzel wrote:
>> Did anybody notice that hostapd *always* sends a NAS-Port with a value of 0
>> for *any* connected station? This happens for me with the hostapd 0.4.8
>> included with FreeBSD 6.2, as well as with hostapd 0.5.8. And it is presumably
>> the reason why I cannot seem to get radwho to function properly. The radutmp
>> module seems to use a combination of NAS-Identifier and NAS-Port to
>> differentiate its records. When station-B associates to the AP, the radutmp
>> record for station-A gets overwritten :-(
>
> Many APs do something similar. Since the connection between the end
> host and the AP is wireless, there's no physical port for them to
> connect to. So there's no physical port to report to the RADIUS server.

Yes, but in the case of hostapd I believe this is a bug. Internally it assigns
IDs starting at index 1, which should go into the NAS-Port attribute. But for
some reason it always ends up with 0. Another issue is the Acct-Session-Id
attribute, which also seems to always contain '00000000-00000000'. And if
you have freeradius send an Acct-Session-Id in the Access-Accept reply using
the acct_unique module, it is simply ignored by hostapd.

> The solution on the RADIUS server is to have a "utmp" file with a
> configurable key. In this case, you would use the client MAC address.
>
> However, doing that involves re-writing the radutmp module. It also
> needs to be re-written to support IPv6, too.

... and needs to be rewritten to support a string long enough to hold the
17-character MAC-address string from the Calling-Station-Id attribute :-)

Andreas
--
Keep it icy man.
I don't want to end up a corpse before my time because you were daydreaming.
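
The overwrite discussed in this message can be checked offline against accounting logs. The following is an added example, not part of the original thread and not FreeRADIUS code: it replays records in the detail-file layout into a session table keyed two ways and reports keys shared by more than one station. The sample records, the NAS name "ap1", the MAC values and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed records in FreeRADIUS "detail" file layout (not from the thread).
SAMPLE_DETAIL = """\
Wed Jul  4 11:58:01 2007
\tAcct-Status-Type = Start
\tNAS-Identifier = "ap1"
\tNAS-Port = 0
\tAcct-Session-Id = "00000000-00000000"
\tCalling-Station-Id = "00-11-22-33-44-AA"

Wed Jul  4 12:01:17 2007
\tAcct-Status-Type = Start
\tNAS-Identifier = "ap1"
\tNAS-Port = 0
\tAcct-Session-Id = "00000000-00000000"
\tCalling-Station-Id = "00-11-22-33-44-BB"
"""

ATTR = re.compile(r'^\s+([\w-]+) = "?(.*?)"?$')

def parse_detail(text):
    """Split a detail file into one attribute dict per accounting record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = dict(m.groups() for m in map(ATTR.match, block.splitlines()) if m)
        if attrs:
            records.append(attrs)
    return records

def session_table(records, key_attrs):
    """Replay Start records into a table keyed by key_attrs (last writer wins)."""
    table = {}
    for rec in records:
        if rec.get("Acct-Status-Type") == "Start":
            table[tuple(rec.get(a, "") for a in key_attrs)] = rec.get("Calling-Station-Id")
    return table

def colliding_keys(records, key_attrs):
    """Return keys that more than one Calling-Station-Id maps onto."""
    seen = defaultdict(set)
    for rec in records:
        seen[tuple(rec.get(a, "") for a in key_attrs)].add(rec.get("Calling-Station-Id"))
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    recs = parse_detail(SAMPLE_DETAIL)
    for keys in (("NAS-Identifier", "NAS-Port"), ("NAS-Identifier", "Calling-Station-Id")):
        print(keys, session_table(recs, keys), colliding_keys(recs, keys))
```

Keyed on NAS-Identifier plus NAS-Port, the second station replaces the first; keyed on NAS-Identifier plus Calling-Station-Id, both sessions survive and no key collides.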