usename + password + MAC address
Hilton Guaraldi
guaraldi at gmail.com
Sun Sep 13 17:05:19 CEST 2009
Ok, it works, but a new problem emerged....
I have 6 AP´s. One of them send the MAC in the following format:
00-18-E7-41-AD-C2. The others send 0018e741adc2... Here the letters
are in lowercase and if changed to uppercase the authentication fails
from 5 AP´s.
What must I do in radcheck table to work with the 6 AP´s?
More details of actual radcheck in MySQL:
1 DEFAULT Fall-Through = Yes
2 guaraldi Calling-Station-Id == 00-18-E7-41-AD-C2
3 guaraldi Cleartext-Password := 123mudar
4 guaraldi Simultaneous-Use := 1
21 DEFAULT Fall-Through = Yes
22 wvcampos Calling-Station-Id == 00-11-95-95-DC-C0
23 wvcampos Cleartext-Password := sprj2009
24 wvcampos Simultaneous-Use := 1
With this config in radcheck table, guaraldi with letters in uppercase
and separated by hyphen is fine.
Changing MAC to 0018e741adc2 give me authentication reject.
XP Clients do 802.1x EAP-PEAP. It works fine. Let me ask, must I enter
DEFAULT Fall-Through = Yes to every user in my database or only one
entry? The entries above are correct?
Best regards,
Guaraldi
2009/9/11 Ivan Kalik <tnt at kalik.net>:
>> Oops!!!
>> Putting my head in the right place... :-)
>>
>> May I insert in the radcheck table for user guaraldi, password
>> mudar123, MAC 00-18-E7-41-AD-C2 the following lines???
>>
>> 1 DEFAULT Fall-Through =
>> yes
>> 2 guaraldi Cleartext-Password :=
>> mudar123
>> 3 guaraldi Calling-Station-Id ==
>> 00-18-E7-41-AD-C2
>> 4 guaraldi Simultaneous-Use := 1
>>
>> And set in the peap section of eap.conf file: copy_request_to_tunnel =
>> yes
>> Is this correct????????????
>
> Yes. You need to copy outer request into the tunnel (sql should alredy be
> enabled for password to work). You should probably enable
> "use_tunneled_reply" as well, to get reply attributes into the final
> reply.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
More information about the Freeradius-Users
mailing list