How to modify dialup.conf for each virtual server?

Nataniel Klug nata at cnett.com.br
Mon Sep 8 20:14:24 CEST 2008


    Hello again,

    Now I have the other question I mentioned in the previous post. I have 
some (wireless) equipment that authenticates the wireless client using the 
MAC against my RADIUS database. I want to have this kind of authentication 
in one of my virtual servers. I need it to check the MAC address that is 
already in my radcheck table. This is a common user setup in the radcheck 
table:

+------+----------+--------------------+----+-------------------+--------+------+
| id   | UserName | Attribute          | op | Value             | numero | obs  |
+------+----------+--------------------+----+-------------------+--------+------+
| 1613 | nataniel | MD5-Password       | := | XXXXXXXXX         | 01046  |      |
| 1656 | nataniel | Calling-Station-Id | == | AA:AA:AA:AA:AA:AA | 01046  | NULL |
+------+----------+--------------------+----+-------------------+--------+------+

    So, the MAC address is set as "Calling-Station-Id". This is OK for my 
PPPoE setup, but for my access points this is not OK. I need my access 
point to verify that this MAC is properly listed and not blocked. I use 
this to block:

+------+----------+--------------------+----+-------------------+--------+------+
| id   | UserName | Attribute          | op | Value             | numero | obs  |
+------+----------+--------------------+----+-------------------+--------+------+
| 1613 | nataniel | MD5-Password       | := | XXXXXXXXX         | 01046  |      |
| 1656 | nataniel | Calling-Station-Id | == | AA:AA:AA:AA:AA:AA | 01046  | NULL |
| 1657 | nataniel | Auth-Type          | := | Reject            | 01046  | NULL |
+------+----------+--------------------+----+-------------------+--------+------+

    I have to change dialup.conf to meet these options and return to my 
access point. This is a common query coming from one of my APs:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.30.0.142 port 6001, id=1, length=69
        User-Name = "00:19:79:0f:98:3d"
        User-Password = "wireless"
        NAS-IP-Address = 172.30.0.142
        NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
    rlm_realm: No '@' in User-Name = "00:19:79:0f:98:3d", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
        expand: %{User-Name} -> 00:19:79:0f:98:3d
rlm_sql (sql): sql_set_user escaped user --> '00:19:79:0f:98:3d'
rlm_sql (sql): Reserving sql socket id: 4
        expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '00:19:79:0f:98:3d'           ORDER BY id
        expand: SELECT groupname           FROM usergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM usergroup           WHERE username = '00:19:79:0f:98:3d'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): User 00:19:79:0f:98:3d not found
++[sql] returns notfound
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform requested action.
Sending Access-Reject of id 1 to 172.30.0.142 port 6001
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 1 with timestamp +274
Ready to process requests.


    So, where I see "WHERE username = '00:19:79:0f:98:3d' " it should be 
Attribute. But I need to be sure that this client is not rejected 
somewhere in the database.

    Can someone help me? I am not a guru of mysql but I can try some 
changes... ;)


-- 
Regards,

NATANIEL KLUG
nata at cnett.com.br

READ NATA'S DAY-TO-DAY
http://nataklug.blogspot.com/

Cyber Nett - Internet Banda Larga
www.cnett.com.br
(42) 3635-2957
Rua Diogo Pinto, 1046, Centro
Laranjeiras do Sul - PR
Brasil - 85301-290

"... the wise, too, possess a tangible heart and may, at times, use science as a means of demonstrating sentimental impressions of which many do not judge them susceptible."
Visconde de Taunay
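
Added example, not part of the original message and not FreeRADIUS code or configuration: a sketch of the lookup the message asks for, finding the account by the MAC stored as a Calling-Station-Id value and refusing it if that account also carries Auth-Type := Reject. The rows are constructed from the tables above; the `blocked` account, the omitted `numero`/`obs` columns and the function names are assumptions, and SQLite stands in for MySQL.

```python
import sqlite3

# Constructed sample rows modelled on the radcheck tables in the message
# (the password value is masked there, so the same placeholder is used here).
ROWS = [
    (1613, "nataniel", "MD5-Password", ":=", "XXXXXXXXX"),
    (1656, "nataniel", "Calling-Station-Id", "==", "AA:AA:AA:AA:AA:AA"),
    (1700, "blocked", "MD5-Password", ":=", "XXXXXXXXX"),
    (1701, "blocked", "Calling-Station-Id", "==", "BB:BB:BB:BB:BB:BB"),
    (1702, "blocked", "Auth-Type", ":=", "Reject"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, UserName TEXT,"
               " Attribute TEXT, op TEXT, Value TEXT)")
    db.executemany("INSERT INTO radcheck VALUES (?, ?, ?, ?, ?)", ROWS)
    return db

def normalize_mac(raw):
    """Return the MAC as upper-case colon-separated hex, or None if malformed."""
    digits = raw.replace(":", "").replace("-", "").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def mac_decision(db, raw_mac):
    """'accept' only if the MAC is listed and no owning account is rejected."""
    mac = normalize_mac(raw_mac)
    if mac is None:
        return "reject"            # malformed input never reaches the query
    owners = [r[0] for r in db.execute(
        "SELECT UserName FROM radcheck"
        " WHERE Attribute = 'Calling-Station-Id' AND upper(Value) = ?", (mac,))]
    if not owners:
        return "reject"            # MAC not listed anywhere
    marks = ",".join("?" * len(owners))
    blocked = db.execute(
        "SELECT COUNT(*) FROM radcheck WHERE Attribute = 'Auth-Type'"
        " AND Value = 'Reject' AND UserName IN (" + marks + ")", owners).fetchone()[0]
    return "reject" if blocked else "accept"

if __name__ == "__main__":
    db = make_db()
    for mac in ("aa:aa:aa:aa:aa:aa", "BB-BB-BB-BB-BB-BB", "00:19:79:0f:98:3d"):
        print(mac, "->", mac_decision(db, mac))
```

The access point in the debug output sends the MAC in lower case while the table stores it in upper case, so the comparison is done on a normalized value; the MAC is bound as a query parameter rather than pasted into the SQL string.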



