Freeradius + LDAP + EAP-TTLS with PAP cannot login
Andreas Wetzel
mickey242 at gmx.net
Wed Jul 4 17:03:14 CEST 2007
Alan DeKok wrote:
> Andreas Wetzel wrote:
>> Yes, but in the case of hostapd I believe this is a bug. Internally it assigns
>> IDs starting at index 1, which should go into the NAS-Port attribute. But for
>> some reason it always ends up with 0.
>
> Does it track multiple connections from the same host? i.e.
> connect/disconnect/connect. Will the NAS port still be the same?
hostapd maintains a chained list of station info structs. One field of which
is:
u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */
This is what goes into the NAS-Port attribute. The point is, when I insert a
debug printf, that outputs this aid, when the station has associated, it
contains '1' for example. But to the time the RADIUS packet is sent, it is
'0'. And until now, I have no idea how comes. I only found one location in
the source, where aid is ever written to.
>> Another issue is the Acct-Session-Id
>> attribute, which also seems to always contain '00000000-00000000'.
>
> That's a definite bug.
Affirmative.
>> And if
>> you have freeradius send an Acct-Session-Id in the Access-Accept reply using
>> the acct_unique module, it is simply ignored by hostapd.
>
> I don't think that's possible for ANY NAS.
I remember some document mentioning, that if the RADIUS server sends an
Acct-Session-Id in the Access-Accept reply, the NAS should use this in
accounting, just like it does with a User-Name from the Access-Accept.
So I thought, I'd give it a try.
BTW: is there any IPv6 equivalent of the Framed-IP-Address attribute?
I found NAS-IPv6-Address in the dictionary files, but no
Framed-IPv6-Address.
Andreas
--
Keep it icy man.
I don't want to end up a corpse before my time because you were daydreaming.
More information about the Freeradius-Users
mailing list