802.1x MAB

Tony Gottfridsson Tony.Gottfridsson at hig.se
Mon Jan 29 11:37:31 CET 2018


Hi

I'm running a test on FR 3.0.15 to replace VMPS with 802.1x MAB.

The initial poc works fine using "users" as below

9cebe82ae8eeCleartext-Password := "9cebe82ae8ee"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = 10

Since the short description on using sql is "to mirror the 'users'"
settings that's what I went ahead and did by removing unneeded table
configs and queries. The above data is easily reproduced with a few
"as" and "union"'s.

We have a db with mac/vlan so i'm trying to fetch the relevant
information from that db. I'm rewriting user name and password in the
requst to follow the db's format (lowercase and ":" separators) and it
seems like I'm almost home but not quite. The
authorize_check_query string currently returns:

id,username,attribute,value,op
1,9c:eb:e8:2a:e8:ee,Cleartext-Password,9c:eb:e8:2a:e8:ee,:=
2,9c:eb:e8:2a:e8:ee,Tunnel-Type,VLAN,=
3,9c:eb:e8:2a:e8:ee,Tunnel-Medium-Type,IEEE-802,=
4,9c:eb:e8:2a:e8:ee,Tunnel-Private-Group-ID,99,=

To me this is almost exactly a "mirror of the users file content".

The query config files talks about ${authreply_table}. Well then it
seems using sql it's not just to mirror the "users" file, there is
something else needed that the "users" files doesn't need, what data do
I need to have in authreply_table to enable the same functionality as
the working poc using "users" instead of mysql Auth-Type is indicated
in the debug output, No "known good" is indicated but that seems
strange since it's clearly there much the same way as it's in the
"users". It's pretty obvious to me that I'm missing something really
basic here...

/Best regards Tony Gottfridsson







[Högskolan i Gävle]

Högskolan i Gävle, 801 76 Gävle • 026 64 85 00 • www.hig.se<http://www.hig.se>

För en hållbar livsmiljö för människan

University of Gävle, SE-801 76 Gävle, Sweden • +46 (0) 26 64 85 00 • www.hig.se<http://www.hig.se>

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radiusd-X.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20180129/61a7d451/attachment-0001.txt>


More information about the Freeradius-Users mailing list