Freeradius w/ mikrotik - blank password issue

Jay Banks jbanks at nalcomwireless.com
Thu Jun 14 19:36:45 CEST 2007


Hello everyone,

I have a problem I have worked on for a couple of days now and just can't get it to work. I searched the forum really well and actually found a fix for one issue I was having. I have also searched the Mikrotik forum as well as the web from one end to the other. Nothing seems to be able to answer this one question, though.

Here is the deal. I have a working FreeRadius server (latest version). It works with Mikrotik to authenticate with user name / password using PAP.

Mikrotik can authenticate by MAC address, but its docs say it sends a blank password. What they also don't tell you in their weak documentation is that the colons in the MAC address will foobar freeradius authentication. I fixed that problem by adding this to radiusd.conf:

attr_rewrite mac_colons {
        attribute = User-Name
        searchin = packet
        searchfor = ":"
        replacewith = ""
        ignore_case = yes
        new_attribute = no
        max_matches = 10
        append = no
}

This appears to work fine. If someone would help me with this one last issue, I would be a happy camper.

The Mikrotik documentation (weak) says that it sends a "blank password" when authenticating by MAC. I have looked up one side and down the other, but I can't get FreeRadius to accept no password. I tried this, but it fails:

attr_rewrite blank_password {
        attribute = User-Password
        searchin = packet
        searchfor = ""
        replacewith = "password"
        ignore_case = yes
        new_attribute = no
        max_matches = 10
        append = no
}

And then I added something like this to the "users" file:

00095B23389F    User-Password := "password"


If there is a password, the above works. For instance, I can change "password" to "password1" using the above script, and it will authenticate. But if there is no password, it gets this error:

rlm_attr_rewrite: Could not find value pair for attribute User-Password

Well guys, I'm an extreme newbie with freeradius, but there has to be something I'm missing somewhere in order to authenticate by MAC address through Mikrotik. Other people are doing it. I'm just missing some little something somewhere, I know. I have also seen other wireless equipment that sends a blank password when authenticating by MAC... and people use freeradius with it.

Any help would be greatly appreciated.

Thanks,

Jay Banks
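
An added illustration, not part of the original post and not FreeRADIUS code: a simplified Python model of the two rewrite rules quoted above, showing that a search-and-replace rule has nothing to act on when the request carries no User-Password, and that the colon rule leaves other MAC notations unmatched against the "users" key. The function names, the dict-based request and the regular-expression matching are assumptions of the model; the requests are constructed from the MAC address in the post.

```python
import re

class MissingAttribute(Exception):
    """The rule names an attribute that the request does not carry."""

def attr_rewrite(request, attribute, searchfor, replacewith,
                 ignore_case=True, max_matches=10):
    """Model of a rewrite rule with new_attribute = no and append = no.

    request: dict of attribute name -> value (stands in for the packet).
    searchfor is treated as a regular expression (assumption of this model).
    Returns a new dict; the input is left unchanged.
    """
    if attribute not in request:
        # Nothing to search in: the case the logged error reports.
        raise MissingAttribute(
            f"Could not find value pair for attribute {attribute}")
    flags = re.IGNORECASE if ignore_case else 0
    out = dict(request)
    out[attribute] = re.sub(searchfor, replacewith, request[attribute],
                            count=max_matches, flags=flags)
    return out

# The two rules from the post, as keyword arguments for the model.
MAC_COLONS = dict(attribute="User-Name", searchfor=":", replacewith="")
BLANK_PASSWORD = dict(attribute="User-Password", searchfor="",
                      replacewith="password")

USERS = {"00095B23389F"}  # key of the "users" entry quoted in the post

def run_rules(request):
    """Apply both rules in order; return (users_key_matches, error_or_None)."""
    request = attr_rewrite(request, **MAC_COLONS)
    matched = request["User-Name"] in USERS
    try:
        attr_rewrite(request, **BLANK_PASSWORD)
    except MissingAttribute as exc:
        return matched, str(exc)
    return matched, None

if __name__ == "__main__":
    # Constructed requests: the same MAC in colon and hyphen notation,
    # each without a User-Password attribute.
    for name in ("00:09:5B:23:38:9F", "00-09-5B-23-38-9F"):
        print(name, run_rules({"User-Name": name}))
```

The model only covers the second rule's behaviour when User-Password is absent; it does not describe what an empty search pattern does to a password that is present.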






 