usename + password + MAC address

Hilton Guaraldi guaraldi at gmail.com
Sun Sep 13 17:05:19 CEST 2009


Ok, it works, but a new problem emerged....

I have 6 AP´s. One of them send the MAC in the following format:
00-18-E7-41-AD-C2. The others send 0018e741adc2... Here the letters
are in lowercase and if changed to uppercase the authentication fails
from 5 AP´s.
What must I do in radcheck table to work with the 6 AP´s?
More details of actual radcheck in MySQL:

1    DEFAULT      Fall-Through             =    Yes
2    guaraldi         Calling-Station-Id      ==   00-18-E7-41-AD-C2
3    guaraldi         Cleartext-Password  :=    123mudar
4    guaraldi         Simultaneous-Use    :=    1
21    DEFAULT    Fall-Through             =     Yes
22    wvcampos   Calling-Station-Id      ==   00-11-95-95-DC-C0
23    wvcampos   Cleartext-Password  :=     sprj2009
24    wvcampos   Simultaneous-Use    :=    1

With this config in radcheck table, guaraldi with letters in uppercase
and separated by hyphen is fine.
Changing MAC to 0018e741adc2 give me authentication reject.

XP Clients do 802.1x EAP-PEAP. It works fine. Let me ask, must I enter
 DEFAULT Fall-Through = Yes to every user in my database or only one
entry? The entries above are correct?

Best regards,

Guaraldi


2009/9/11 Ivan Kalik <tnt at kalik.net>:
>> Oops!!!
>> Putting my head in the right place... :-)
>>
>> May I insert in the radcheck table for user guaraldi, password
>> mudar123, MAC 00-18-E7-41-AD-C2 the following lines???
>>
>> 1    DEFAULT              Fall-Through                   =
>> yes
>> 2    guaraldi                 Cleartext-Password        :=
>> mudar123
>> 3    guaraldi                 Calling-Station-Id            ==
>>   00-18-E7-41-AD-C2
>> 4    guaraldi                 Simultaneous-Use          :=            1
>>
>> And set in the peap section of eap.conf file:    copy_request_to_tunnel  =
>> yes
>> Is this correct????????????
>
> Yes. You need to copy outer request into the tunnel (sql should alredy be
> enabled for password to work). You should probably enable
> "use_tunneled_reply" as well, to get reply attributes into the final
> reply.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>




More information about the Freeradius-Users mailing list