Two networks: WEP+MAC Filtering and WPA(PEAP)
Era
alexey.eronko at gmail.com
Thu Feb 28 13:13:14 CET 2008
Hello,
I would like to set up two WLAN networks on one AP with
different VLANs.
From Radius I need MAC authorization for network #1 and WPA(PEAP)
authorization for network #2.
I have successfully set up both types of authorization separately.
Could you please correct me about MAC authorization?
In my debug log I see the MAC authorization request:
rad_recv: Access-Request packet from host 10.10.10.139:6001, id=7, length=115
User-Name = "00-18-de-4e-8f-1d"
User-Password = "secret"
NAS-IP-Address = x.x.x.139
Called-Station-Id = "00-20-a6-64-66-a3:A"
Calling-Station-Id = "00-18-de-4e-8f-1d"
NAS-Port = 2
NAS-Port-Type = Wireless-802.11
I have this entry in my users file:
00-18-de-4e-8f-1d Auth-Type:=Local, User-Password == "secret"
Is this the correct (right) way to control MAC addresses through radius?
Another question is: what is the correct way to separate the two types (MAC & PEAP) of
requests to the radius server?
At this moment I have a situation where my MAC request tries to authorize
through LDAP and only afterward looks in the users file.
rad_recv: Access-Request packet from host 89.113.128.139:6001, id=7, length=115
User-Name = "00-18-de-4e-8f-1d"
User-Password = "secret"
NAS-IP-Address = 89.113.128.139
Called-Station-Id = "00-20-a6-64-66-a3:A"
Calling-Station-Id = "00-18-de-4e-8f-1d"
NAS-Port = 2
NAS-Port-Type = Wireless-802.11
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "00-18-de-4e-8f-1d", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_realm: No '\' in User-Name = "00-18-de-4e-8f-1d", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "ntdomain" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry 00-18-de-4e-8f-1d at line 2
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for 00-18-de-4e-8f-1d
radius_xlat: '(&(uid=00-18-de-4e-8f-1d)(objectClass=posixAccount))'
radius_xlat: 'dc=x,dc=xxx,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as / to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=x,dc=xxx,dc=com, with filter (&(uid=00-18-de-4e-8f-1d)(objectClass=posixAccount))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 7 to xx.xx.xx.139 port 6001
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 7 with timestamp 47c698d
Thanks a lot
Era
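
An added example (not part of the original post, and not FreeRADIUS code): a Python sketch that reads a debug trace like the one above, tells a MAC-authorization request from an EAP one, and lists which authorize modules ran after `files`. The rule it uses (no EAP-Message, and User-Name equal to Calling-Station-Id) is an assumption drawn from the attributes shown in this post; the function names are hypothetical.

```python
import re

# Constructed sample: lines trimmed from the debug output quoted in this post.
SAMPLE = """\
rad_recv: Access-Request packet from host 10.10.10.139:6001, id=7, length=115
User-Name = "00-18-de-4e-8f-1d"
User-Password = "secret"
Called-Station-Id = "00-20-a6-64-66-a3:A"
Calling-Station-Id = "00-18-de-4e-8f-1d"
NAS-Port-Type = Wireless-802.11
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry 00-18-de-4e-8f-1d at line 2
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "ldap" returns notfound for request 0
"""

ATTR = re.compile(r'^\s*([A-Za-z0-9-]+) = "?(.*?)"?\s*$')
MODCALL = re.compile(r'^modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
MAC = re.compile(r'^[0-9A-Fa-f]{2}([-:.]?[0-9A-Fa-f]{2}){5}$')

def norm_mac(value):
    """Return 12 lowercase hex digits for a MAC-shaped string, else None."""
    return re.sub(r'[^0-9a-f]', '', value.lower()) if MAC.match(value) else None

def parse(trace):
    """Split a debug trace into request attributes and (section, module, result)."""
    attrs, modules = {}, []
    for line in trace.splitlines():
        m = MODCALL.match(line)
        if m:
            modules.append(m.groups())
        elif (a := ATTR.match(line)):
            attrs[a.group(1)] = a.group(2)
    return attrs, modules

def classify(attrs):
    """Assumed rule: EAP-Message present -> 'eap'; MAC as User-Name -> 'mac-auth'."""
    if 'EAP-Message' in attrs:
        return 'eap'
    user = norm_mac(attrs.get('User-Name', ''))
    if user and user == norm_mac(attrs.get('Calling-Station-Id', '')):
        return 'mac-auth'
    return 'other'

def ran_after(modules, name, section='authorize'):
    """Modules of one section that were still consulted after `name` ran."""
    names = [mod for sec, mod, _ in modules if sec == section]
    return names[names.index(name) + 1:] if name in names else []
```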