Checking MAC address with rlm_sql
Glen Harris
astfgl at iamnota.org
Thu Apr 5 10:01:11 CEST 2012
On 04/04/12 18:34, Fajar A. Nugraha wrote:
>
> @Glen, can you try testing with simple PAP? This is to isolate
> EAP-related problem.
>
> You probably need to use radclient to manually add Calling-Station-Id
> attribute to the request. Look at the end of "radtest" program (which
> is a shell script) to see an example how to use radclient.
>
I've just tried with radclient:

    echo "User-Name = user01, Password = pass01, Calling-Station-Id = 98-4B-4A-F5-BF-40" | radclient -s localhost:1812 auth testing123

which successfully authenticates the user using rlm_sql and pap. Changing the
MAC to a different value fails the SQL query and authentication as expected.

Going back to the access point, I can now understand that the failure is
happening inside the inner-tunnel virtual server. First the authorize
section is called which does the SQL query but can't match the user,
then the authenticate section which fails because there's no password set.

5 minutes of googling later I found a pointer to copy_request_to_tunnel
in the peap section of eap.conf and my client devices started
authenticating.

Many thanks to everyone who helped.

Regards, glen.
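
The setting named in the message above, shown as an added example that is not part of the original post or Glen's actual configuration. It assumes the FreeRADIUS 2.x eap.conf layout; the default_eap_type and virtual_server values are the stock defaults and are assumptions here.

```conf
# eap.conf, inside the eap { ... } block (FreeRADIUS 2.x layout assumed)
peap {
	# Stock default, assumed; not taken from the original post.
	default_eap_type = mschapv2

	# Default is "no": the request handed to the inner-tunnel virtual
	# server contains only what the supplicant sent inside the TLS
	# tunnel. Calling-Station-Id lives in the outer request, so an SQL
	# check on the MAC address in the inner authorize section cannot
	# match, no password is set, and authenticate then fails.
	# copy_request_to_tunnel = no

	# "yes": any attribute that is present in the outer request but
	# absent from the tunneled request (Calling-Station-Id and the
	# other NAS-supplied attributes) is copied into the tunneled
	# request before the inner-tunnel authorize section runs.
	copy_request_to_tunnel = yes

	# Stock default, assumed; the inner server named in the post.
	virtual_server = "inner-tunnel"
}
```

After restarting the server, running it in debug mode (radiusd -X) shows whether Calling-Station-Id appears in the attribute list of the tunneled request.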