"Mike Hall" <[EMAIL PROTECTED]> wrote:
> As for this comment:
> >Huh? Why? Managing passwords isn't difficult. So for one AP, you add
> >(by hand) the password which just happens to be the MAC address. For
> >another AP, you add a different password. That is by far and away too
> >complicated.
>
> We have more than 12,000 users and 100's of access points. Do you think
> we could add all the MAC's into each AP?
Huh? I have no clue what you mean by that.
What you said previously was that the MAC addresses were in RADIUS
packets, with User-Name & User-Password attributes. Those were looked
up in an SQL database. So you've got sufficient information in the
query to tell one AP from another: the User-Passwords are different.
> Modifying one SQL query in the sql.conf file is hardly complicated.
I agree. But what you want is complicated, and can't be done via
SQL. The RADIUS "shared secret" isn't stored in SQL.
> The only problem is I don't know how to make radius differentiate
> between AP requests.
The AP requests themselves tell you.
You can see 'doc/duplicate-users', it's the same problem.
Or, you can update the SQL database, and use User-Password as a key,
adding it to the SQL query. So user "bob" with password "bob", will
be different than user "bob" with password "hello". It will mean
massively duplicate crap in the DB, but it will work.
Or, you can use the 'passwd' module. Put the client IP's & shared
secrets into a '/etc/passwd' style file, and use the 'passwd' module,
keying off of client IP, to look up the shared secret ("password") for
each user. If it isn't found, fail-over to SQL. If it is found, use
the PAP module to do the authentication.
> I know there people on this list who can answer that in their sleep.
> I would really appreciate some help from one of you radius gurus
> (not Alan).
You're welcome.
It's NOT a RADIUS problem. In fact, the problem has nothing
whatsoever to do with RADIUS. It's a local configuration issue, and
one which isn't particularly difficult to solve, once you focus on the
problem, and not on the solution.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
