How to modify dialup.conf for each virtual server?

tnt at kalik.net tnt at kalik.net
Mon Sep 8 20:44:32 CEST 2008


In MAC authentication the MAC address is sent as User-Name, not
Calling-Station-Id. You don't have to make any changes to dialup.conf -
just use the database properly:

username: AA:AA:AA:AA:AA:AA
attribute: Auth-Type
op: :=
Value: Accept or Reject

Ivan Kalik
Kalik Informatika ISP


On 8/9/2008, "Nataniel Klug" <nata at cnett.com.br> wrote:

>    Hello again,
>
>    Now I have the other question I mentioned in the previous post. I have some 
>equipment (wireless) that authenticates the wireless client using MAC 
>over my radius database. I want to have this kind of authentication in one 
>of my virtual servers. I need it to check the MAC address that is 
>already in my radcheck table. This is a common user setup in the radcheck 
>table:
>
>+------+----------+--------------------+----+-------------------+--------+------+
>| id   | UserName | Attribute          | op | Value             | numero | obs  |
>+------+----------+--------------------+----+-------------------+--------+------+
>| 1613 | nataniel | MD5-Password       | := | XXXXXXXXX         | 01046  |      |
>| 1656 | nataniel | Calling-Station-Id | == | AA:AA:AA:AA:AA:AA | 01046  | NULL |
>+------+----------+--------------------+----+-------------------+--------+------+
>
>    So, the MAC address is set as "Calling-Station-Id". This is ok for my 
>PPPoE setup but for my access points this is not ok. I need my access 
>point to verify if this MAC here is well listed and not blocked. I use 
>this to block:
>
>+------+----------+--------------------+----+-------------------+--------+------+
>| id   | UserName | Attribute          | op | Value             | numero | obs  |
>+------+----------+--------------------+----+-------------------+--------+------+
>| 1613 | nataniel | MD5-Password       | := | XXXXXXXXX         | 01046  |      |
>| 1656 | nataniel | Calling-Station-Id | == | AA:AA:AA:AA:AA:AA | 01046  | NULL |
>| 1657 | nataniel | Auth-Type          | := | Reject            | 01046  | NULL |
>+------+----------+--------------------+----+-------------------+--------+------+
>
>    I have to change dialup.conf to meet these options and return to my 
>access point. This is a common query coming from one of my APs:
>
>Listening on authentication address * port 1812
>Listening on accounting address * port 1813
>Listening on proxy address * port 1814
>Ready to process requests.
>rad_recv: Access-Request packet from host 172.30.0.142 port 6001, id=1, length=69
>        User-Name = "00:19:79:0f:98:3d"
>        User-Password = "wireless"
>        NAS-IP-Address = 172.30.0.142
>        NAS-Port = 0
>+- entering group authorize
>++[preprocess] returns ok
>    rlm_realm: No '@' in User-Name = "00:19:79:0f:98:3d", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>++[suffix] returns noop
>        expand: %{User-Name} -> 00:19:79:0f:98:3d
>rlm_sql (sql): sql_set_user escaped user --> '00:19:79:0f:98:3d'
>rlm_sql (sql): Reserving sql socket id: 4
>        expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '00:19:79:0f:98:3d'           ORDER BY id
>        expand: SELECT groupname           FROM usergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM usergroup           WHERE username = '00:19:79:0f:98:3d'           ORDER BY priority
>rlm_sql (sql): Released sql socket id: 4
>rlm_sql (sql): User 00:19:79:0f:98:3d not found
>++[sql] returns notfound
>rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
>++[pap] returns noop
>auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
>auth: Failed to validate the user.
>  Found Post-Auth-Type Reject
>  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform requested action.
>Sending Access-Reject of id 1 to 172.30.0.142 port 6001
>Finished request 0.
>Going to the next request
>Waking up in 4.9 seconds.
>Cleaning up request 0 ID 1 with timestamp +274
>Ready to process requests.
>
>
>    So, where I see "WHERE username = '00:19:79:0f:98:3d' " it should be 
>Attribute. But I need to be sure that this client is not rejected 
>somewhere in the database.
>
>    Can someone help me? I am not a guru of mysql but I can try some 
>changes... ;)
>
>
>-- 
>Regards,
>
>NATANIEL KLUG
>nata at cnett.com.br
>
>READ NATA'S DAY-TO-DAY
>http://nataklug.blogspot.com/
>
>Cyber Nett - Internet Banda Larga
>www.cnett.com.br
>(42) 3635-2957
>Rua Diogo Pinto, 1046, Centro
>Laranjeiras do Sul - PR
>Brasil - 85301-290
>
>"... the wise, too, have a tangible heart and can, at times, use science as a means of showing sentimental impressions of which many do not judge them capable."
>Visconde de Taunay
>
>
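
An added example, not part of the original thread and not FreeRADIUS code, modelling the reply above: each MAC becomes its own radcheck username with an `Auth-Type` row, derived here from the existing `Calling-Station-Id` rows. Assumptions: SQLite stands in for the MySQL database, the second user `blocked` and the helper names are hypothetical, MACs are stored lowercase as the AP sends them in the debug log, and `authorize` is a simplified stand-in for the rlm_sql lookup.

```python
import sqlite3

# Constructed sample rows modelled on the radcheck table quoted in the thread
# (custom columns numero/obs omitted; user "blocked" is hypothetical).
ROWS = [
    ("nataniel", "MD5-Password", ":=", "XXXXXXXXX"),
    ("nataniel", "Calling-Station-Id", "==", "AA:AA:AA:AA:AA:AA"),
    ("blocked", "MD5-Password", ":=", "XXXXXXXXX"),
    ("blocked", "Calling-Station-Id", "==", "BB:BB:BB:BB:BB:BB"),
    ("blocked", "Auth-Type", ":=", "Reject"),
]
INSERT = "INSERT INTO radcheck (username, attribute, op, value) VALUES (?, ?, ?, ?)"

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,"
               " attribute TEXT, op TEXT, value TEXT)")
    db.executemany(INSERT, ROWS)
    return db

def add_mac_users(db):
    """Add one MAC-keyed Auth-Type row per Calling-Station-Id row.
    A MAC inherits Reject when its owner already has Auth-Type := Reject."""
    macs = db.execute("SELECT username, value FROM radcheck"
                      " WHERE attribute = 'Calling-Station-Id'").fetchall()
    for owner, mac in macs:
        rejected = db.execute(
            "SELECT 1 FROM radcheck WHERE username = ?"
            " AND attribute = 'Auth-Type' AND value = 'Reject'",
            (owner,)).fetchone()
        db.execute(INSERT, (mac.lower(), "Auth-Type", ":=",
                            "Reject" if rejected else "Accept"))

def authorize(db, user_name):
    """Simplified model of the lookup in the debug log: rows are matched on
    username only, so a MAC sent as User-Name needs rows keyed by that MAC."""
    rows = db.execute("SELECT attribute, op, value FROM radcheck"
                      " WHERE username = ? ORDER BY id",
                      (user_name.lower(),)).fetchall()
    if not rows:
        return "notfound"  # the '[sql] returns notfound' case in the log
    auth = [v for a, op, v in rows if a == "Auth-Type" and op == ":="]
    return auth[-1] if auth else "no Auth-Type"
```
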
