MAC Auth (new problem)

tnt at kalik.net
Mon Dec 15 19:45:40 CET 2008


>Ready to process requests.
>rad_recv: Access-Request packet from host 172.30.0.165 port 6001, id=3, 
>length=69
>        User-Name = "00:19:79:0F:98:3D"
>        User-Password = "cnett1298"
>        NAS-IP-Address = 172.30.0.165
>        NAS-Port = 0
>server proxim {
>+- entering group authorize {...}
>++[preprocess] returns ok
>[suffix] No '@' in User-Name = "00:19:79:0F:98:3D", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[sql_ap2000]    expand: %{User-Name} -> 00:19:79:0F:98:3D
>[sql_ap2000] sql_set_user escaped user --> '00:19:79:0F:98:3D'
>rlm_sql (sql_ap2000): Reserving sql socket id: 4
>[sql_ap2000]    expand: SELECT id, username, attribute, value, 
>op           FROM radcheck           WHERE value = 
>'%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, 
>attribute, value, op           FROM radcheck           WHERE value = 
>'00:19:79:0F:98:3D'           ORDER BY id
>[sql_ap2000]    expand: SELECT groupname           FROM 
>usergroup           WHERE username = '%{SQL-User-Name}'           ORDER 
>BY priority -> SELECT groupname           FROM usergroup           WHERE 
>username = '00:19:79:0F:98:3D'           ORDER BY priority
>rlm_sql (sql_ap2000): Released sql socket id: 4
>[sql_ap2000] User 00:19:79:0F:98:3D not found
>++[sql_ap2000] returns notfound
>++[expiration] returns noop
>++[logintime] returns noop
>[pap] WARNING! No "known good" password found for the user.  
>Authentication may fail because of this.
>++[pap] returns noop
>No authenticate method (Auth-Type) configuration found for the request: 
>Rejecting the user
>Failed to authenticate the user.
>Login incorrect: [00:19:79:0F:98:3D/cnett1298] (from client ap2000 port 0)
>} # server proxim
>Delaying reject of request 0 for 1 seconds
>Going to the next request
>Waking up in 0.9 seconds.
>Sending delayed reject for request 0
>Sending Access-Reject of id 3 to 172.30.0.165 port 6001
>Waking up in 4.9 seconds.
>Cleaning up request 0 ID 3 with timestamp +29
>Ready to process requests.
>
>    This user (MAC) exists and it's in radcheck like this:
>
>mysql> SELECT * FROM radcheck WHERE Username="marmatec";
>+------+----------+--------------------+----+-------------------+--------+------+
>| id   | UserName | Attribute          | op | Value             | numero 
>| obs  |
>+------+----------+--------------------+----+-------------------+--------+------+
>|  796 | marmatec | Cleartext-Password | := | 654321            | 00923  
>|      |
>| 1886 | marmatec | Calling-Station-Id | == | 00:19:79:0F:98:3D | 00923  
>| NULL |
>+------+----------+--------------------+----+-------------------+--------+------+
>
>    On mysql/sql/ap2000.conf (copy of dialup.conf file) I just changed 
>this on authorize section:
>
>          WHERE value = '%{SQL-User-Name}' \
>
>    I really don't know how to make this work. Can someone help me?


Let's try again: put the MAC address into the radcheck table as the UserName
field. Without that, MAC authentication is not going to work. If your
"administration system" has something against it, throw it away and
write another one yourself. Or use dialup admin (comes with the server)
or something like daloRADIUS.

Ivan Kalik
Kalik Informatika ISP
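
Added example, not part of the original thread and not FreeRADIUS code: a small SQLite model of the radcheck lookup, comparing the rows and modified query quoted above with the layout suggested in the reply. The check-item handling is a simplified assumption, and the shared password and the row with the MAC as UserName are constructed placeholders.

```python
import sqlite3

MAC = "00:19:79:0F:98:3D"
SHARED = "shared-secret-placeholder"  # constructed; stands in for the password the AP sends

# Constructed rows: layout quoted in the thread vs. layout proposed in the reply.
AS_POSTED = [(796, "marmatec", "Cleartext-Password", ":=", "654321"),
             (1886, "marmatec", "Calling-Station-Id", "==", MAC)]
MAC_AS_USER = [(1, MAC, "Cleartext-Password", ":=", SHARED)]

SELECT = "SELECT attribute, op, value FROM radcheck WHERE {} = ? ORDER BY id"
STOCK = SELECT.format("username")   # dialup.conf style lookup
MODIFIED = SELECT.format("value")   # the change made in ap2000.conf


def authorize(rows, query, request):
    """Simplified model of check-item handling (assumption, not rlm_sql code)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (id, username, attribute, op, value)")
    db.executemany("INSERT INTO radcheck VALUES (?, ?, ?, ?, ?)", rows)
    items = db.execute(query, (request["User-Name"],)).fetchall()
    db.close()
    if not items:
        return "notfound"
    config = {}
    for attribute, op, value in items:
        if op == "==" and request.get(attribute) != value:
            return "notfound"          # check item absent from or unequal to the request
        if op == ":=":
            config[attribute] = value  # becomes a control item
    if "Cleartext-Password" not in config:
        return "no-known-good-password"
    return "accept" if request["User-Password"] == config["Cleartext-Password"] else "reject"


# Same attribute names as the Access-Request in the debug output.
REQUEST = {"User-Name": MAC, "User-Password": SHARED}

if __name__ == "__main__":
    print("posted rows, modified query: ", authorize(AS_POSTED, MODIFIED, REQUEST))
    print("posted rows, stock query:    ", authorize(AS_POSTED, STOCK, REQUEST))
    print("MAC as UserName, stock query:", authorize(MAC_AS_USER, STOCK, REQUEST))
```

With the posted rows the modified query returns only the Calling-Station-Id row, so the Cleartext-Password row is never loaded, and the request in the debug output carries no Calling-Station-Id for that row to match.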



