FR Using MAC Authentication

Steve Wu swu at emerson-school.org
Fri May 8 18:21:15 CEST 2009 

Hi Tim - 

Thanks Tim, that worked, although is that up to each AP manf as to what it sends? I have HP420s. I changed the password field to match the MAC and it authenticated (I think), but I didn't get an IP. The 420 I'm using hands out an IP fine when I turn off the MAC auth and have it wide open, so it's talking to my DHCP server fine. 

Any more ideas would be greatly appreciated! 

Thx - Steve 

Waking up in 6 seconds... 
rad_recv: Accounting-Request packet from host 10.10.18.241:9000, id=4, length=138 
Acct-Delay-Time = 0 
NAS-Identifier = "Enterprise AP" 
User-Name = "000e35-84610a" 
Acct-Status-Type = Start 
Acct-Session-Id = "000e35-84a0414e5" 
Acct-Authentic = RADIUS 
NAS-IP-Address = 10.10.18.241 
NAS-Port = 1 
NAS-Port-Type = Wireless-802.11 
Calling-Station-Id = "000e3584610a" 
Called-Station-Id = "001321ad8e4e" 
Service-Type = Framed-User 
Processing the preacct section of radiusd.conf 
modcall: entering group preacct for request 1 
modcall[preacct]: module "preprocess" returns noop for request 1 
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 10.10.18.241,NAS-IP-Address = 10.10.18.241,Acct-Session-Id = "000e35-84a0414e5",User-Name = "000e35-84610a"' 
rlm_acct_unique: Acct-Unique-Session-ID = "3107f7faaae62984". 
modcall[preacct]: module "acct_unique" returns ok for request 1 
rlm_realm: No '@' in User-Name = "000e35-84610a", looking up realm NULL 
rlm_realm: No such realm "NULL" 
modcall[preacct]: module "suffix" returns noop for request 1 
modcall[preacct]: module "files" returns noop for request 1 
modcall: leaving group preacct (returns ok) for request 1 
Processing the accounting section of radiusd.conf 
modcall: entering group accounting for request 1 
radius_xlat: '/var/log/freeradius/radacct/10.10.18.241/detail-20090508' 
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.10.18.241/detail-20090508 
modcall[accounting]: module "detail" returns ok for request 1 
modcall[accounting]: module "unix" returns ok for request 1 
radius_xlat: '/var/log/freeradius/radutmp' 
radius_xlat: '000e35-84610a' 
modcall[accounting]: module "radutmp" returns ok for request 1 
modcall: leaving group accounting (returns ok) for request 1 
Sending Accounting-Response of id 4 to 10.10.18.241 port 9000 
Finished request 1 


----- Original Message ----- 
From: "Tim Sylvester" <tim.sylvester at networkradius.com> 
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org> 
Sent: Friday, May 8, 2009 11:42:29 AM GMT -05:00 US/Canada Eastern 
Subject: RE: FR Using MAC Authentication 




Steve, 



Your wireless access point is sending the MAC address as the username and password. Change the username and password in the users file and the authentication will work. 



rad_recv: Access-Request packet from host 10.10.18.241:2160, id=7, length=53 
User-Name = "00215c-08b25d" <--- This came from the wireless access point 
User-Password = "00215c-08b25d" <--- This came from the wireless access point 





Tim 





From: freeradius-users-bounces+tim.sylvester=networkradius.com at lists.freeradius.org [mailto:freeradius-users-bounces+tim.sylvester=networkradius.com at lists.freeradius.org] On Behalf Of Steve Wu 
Sent: Friday, May 08, 2009 8:35 AM 
To: freeradius-users at lists.freeradius.org 
Subject: FR Using MAC Authentication 




Hi - 

I have just started tinkering with Freeradius, I built an Ubuntu 8.10 server box and installed FR --> sudo apt-get install freeradius*. It installed in a breeze and tested fine. I have setup a HP420 AP for testing, it's chattering with the FR box fine (I think). 

I want my wireless clients to do MAC authentication via the FR box. I have setup my users file to auth two of my test laptops: 

000E35-84610A Auth-Type := Local, User-Password == "esradius" 
00215C-08B25D Auth-Type := Local, User-Password == "esradius" 

When either tries to connect up, in the FR debug I see: 

rad_recv: Access-Request packet from host 10.10.18.241:2160, id=7, length=53 
User-Name = "00215c-08b25d" 
User-Password = "00215c-08b25d" 
Processing the authorize section of radiusd.conf 

The authentication eventually fails: 

rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 

Why is the User-Password the MAC address and not what is specified in the users file? I have only tweaked the users and clients.conf files. 

Just simple MAC authentication, that's all I want at this point. 

Thanks in advance! 

- Steve 



- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090508/d951fe7b/attachment.html>

More information about the Freeradius-Users mailing list