webauth and macauth

djura jura at jurastuff.heliohost.org
Tue May 15 15:38:13 CEST 2012


Hi Phil,

You were right, my config was terrible... I started over and followed the
instructions from the wiki on how to set up macauth and 802.1x. Now my config
looks better, but I still have the issue shown below.

It says that the MAC address is not in authorized_macs, but it is:

64-31-50-81-cb-2f
  Reply-Message = "Device with MAC Address %{Calling-Station-Id} authorized for network access"

Also, in raddb/modules/files, I added the section authorized_macs.

I read the forum and consulted Google, but I still struggle with this...
please help.


....
Listening on authentication address 10.222.72.100 port 1812
Listening on proxy address 10.222.72.100 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.222.72.112 port 65534, id=27,
length=143
        NAS-IP-Address = 100.1.1.1
        NAS-Port-Id = "1.1"
        Framed-MTU = 1024
        User-Name = "64-31-50-81-CB-2F"
        Calling-Station-Id = "64-31-50-81-CB-2F"
        Message-Authenticator = 0x4dffe7f21d146b2832db0fdb6678d135
        EAP-Message = 0x02ce00110167706f6e2d48505c67706f6e
        NAS-Identifier = "BLM12_SINGTEL"
        Ericsson-Attr-101 = 0x4552494353534f4e
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
        expand: %{1}-%{2}-%{3}-%{4}-%{5}-%{6} -> 64-31-50-81-CB-2F
        expand: %{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} ->
64-31-50-81-cb-2f
++++[request] returns ok
+++- if (Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 0: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
[authorized_macs]       expand: %{Calling-Station-ID} -> 64-31-50-81-cb-2f
++[authorized_macs] returns noop
++? if (!ok)
? Evaluating !(ok) -> TRUE
++? if (!ok) -> TRUE
++- entering if (!ok) {...}
+++[reject] returns reject
++- if (!ok) returns reject
        expand: %{User-Name}, %{Password} -> 64-31-50-81-CB-2F,
Invalid user: [64-31-50-81-CB-2F/<no User-Password attribute>] (from client
be-lem-12 port 0 cli 64-31-50-81-cb-2f) 64-31-50-81-CB-2F,
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> 64-31-50-81-CB-2F
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 27 to 10.222.72.112 port 65534
Waking up in 4.9 seconds.
Cleaning up request 0 ID 27 with timestamp +23
Ready to process requests.
...
