Your first suggestion, to duplicate users, is not possible using a SQL
database according to the documentation.

The third suggestion, to use the /etc/passwd file, is not feasible
because of the large amount of users we have, and because this machine
serves other purposes which might be compromised.

The second & fourth suggestions:
> Or, you can update the SQL database, and use User-Password as a key,
> adding it to the SQL query.  So user "bob" with password "bob", will be
> different than user "bob" with password "hello".  It will mean massively
> duplicate crap in the DB, but it will work.
.....
> create a new SQL table to hold the shared secrets for each AP, and do:
> DEFAULT         User-Password == `%{sql:SELECT stuff by %{Client-IP-Address}:-%{User-Name}}`
> List the AP's that use the shared secret in the SQL database, and don't
> list the others.
> If the SQL query returns nothing, then the password will be set to the
> User-Name, which will work for the other AP's.

Sound like great ideas, though I don't quite understand the last one.
My problem here is I cannot find the SQL statement which compares the
'Value' field to the User-Password string sent from the AP.  It is not
in the sql.conf file.

Mike



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, August 13, 2003 2:55 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco vs. Orinoco - MAC Authentication 


"Mike Hall" <[EMAIL PROTECTED]> wrote:
> The two access point authenticate differently.  The Orinoco sends the 
> Value as the SharedSecret & the Cisco sends the Value as the 
> MacAddress.

  You've said that before.

> What can I do to make this work?  I could create two entries like 
> this:
...
> But this just confuses the Radius server and auth fails.

  So edit the SQL table definition & queries, so it selects by
User-Password, too.

>  Please offer some suggestions on what we can do.  Thanks again.

  I thought I had 3 suggestions in my last email.  Did you try any of
them?

  Here's another suggestion: create a new SQL table to hold the shared
secrets for each AP, and do:

DEFAULT  User-Password == `%{sql:SELECT stuff by %{Client-IP-Address}:-%{User-Name}}`

  List the AP's that use the shared secret in the SQL database, and
don't list the others.  If the SQL query returns nothing, then the
password will be set to the User-Name, which will work for the other
AP's.

  That's 4 solutions.
 
  Alan DeKok.

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
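
The fallback in the fourth suggestion (a SQL lookup keyed on Client-IP-Address, with `:-` falling back to User-Name), modelled as an added Python example that is not part of the original thread and is not FreeRADIUS code. The table `ap_secrets`, its columns, the IP addresses, the MAC and the secret are all constructed for illustration, and the model covers only the password comparison, not the separate check that the MAC is a known user.

```python
import hmac
import sqlite3

MAC = "00022d1a2b3c"  # constructed MAC address, sent as User-Name by both APs

def build_db():
    """Hypothetical per-AP secret table; only APs that send a shared secret are listed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ap_secrets (client_ip TEXT PRIMARY KEY, secret TEXT NOT NULL)")
    # The Orinoco-style AP (constructed address) sends the shared secret as User-Password.
    db.execute("INSERT INTO ap_secrets VALUES (?, ?)", ("192.0.2.10", "orinoco-shared-secret"))
    return db

def expected_password(db, client_ip, user_name):
    """Model of `%{sql:...}:-%{User-Name}`: the query result, or User-Name if it is empty."""
    row = db.execute(
        "SELECT secret FROM ap_secrets WHERE client_ip = ?", (client_ip,)
    ).fetchone()
    return row[0] if row and row[0] else user_name

def check(db, request):
    """True when the request's User-Password equals the value expected for its AP."""
    want = expected_password(db, request["Client-IP-Address"], request["User-Name"])
    return hmac.compare_digest(request["User-Password"].encode(), want.encode())

def sample_requests():
    """Constructed requests: one per AP type, plus two mismatches that must fail."""
    return [
        # Listed AP sends the shared secret: accepted.
        {"Client-IP-Address": "192.0.2.10", "User-Name": MAC,
         "User-Password": "orinoco-shared-secret"},
        # Unlisted (Cisco-style) AP sends the MAC as the password: accepted via fallback.
        {"Client-IP-Address": "192.0.2.20", "User-Name": MAC, "User-Password": MAC},
        # Listed AP sending the MAC as the password: rejected, the secret is required.
        {"Client-IP-Address": "192.0.2.10", "User-Name": MAC, "User-Password": MAC},
        # Unlisted AP sending the shared secret: rejected, the fallback expects the MAC.
        {"Client-IP-Address": "192.0.2.20", "User-Name": MAC,
         "User-Password": "orinoco-shared-secret"},
    ]

if __name__ == "__main__":
    db = build_db()
    for req in sample_requests():
        print(req["Client-IP-Address"], req["User-Password"], "->", check(db, req))
```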



