DEFAULT Auth-Type := PAP
At least that's what I use to authenticate... but I do that with
radgroupcheck:
id groupname attribute op value
10 mygroup Auth-Type := PAP
I guess for the use with hints file it would be (I don't use hints at
the moment):
DEFAULT Hint == "CISCO", Auth-Type := 'whatever-you-want'
Prefix = "Cisco-AVPair" /* do you really need this? */
Strip-User-Name = Yes
"module sql returns notfound" means the username you passed to the
server wasn't found by the sql-query executed, which might be a wrong
query or a wrong/not-existing username.
I would rather try to get one table working for both types of ap's than
having two tables. It doubles your work and also doubles the number of
possible errors.
One of the fantastic things with Cisco is that you always get all the
dokumentation online. Please see:
MAC-Auth settings:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_installation_and_configuration_guide_chapter09186a008014868e.html
RADIUS settings:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_installation_and_configuration_guide_chapter09186a00801486a0.html
Am Die, 2003-08-12 um 21.34 schrieb Mike Hall:
> How do I define and Auth-Type for the user? Is it the Attribute field in
> my radcheck table? That has 'User-Password' for everyone in the system.
> The Value field also has our 'radius password' for all users. I have
> read some about the hints file...do I need to do something like this:
>
> Default Prefix = "Cisco-AVPair", Strip-User-Name = Yes
> Hint = "CISCO"
> Auth-Type = Local
>
> ...Or am I totally on the wrong track here? Another idea is to create a
> two separate 'radcheck' tables, one for Cisco Aps and one for Orinoco
> APs. What do yall think of that (there must be an easier way)? When it
> say "module sql returns notfound" what does that mean? Sorry for all
> the questions, I really appreciate your help.
>
> --Mike Hall
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ulrich
> Walcher
> Sent: Tuesday, August 12, 2003 1:01 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Cisco Aironet - MAC auth logs
>
>
> "auth: user supplied User-Password matches local User-Password" says
> that the user matches a password in raddb/users file. You are
> authenticating -> yes, but against a password-file. Authorization is
> done in this case via sql.
>
> With the Cisco box you get an error message saying: "Pairs do not match
> [00022d111111]". Unfortunately I can't tell you why...
> and:
> "auth: No Auth-Type configuration for the request, rejecting the user"
> You have not defined an Auth-Type for the user. Uli
>
> Am Die, 2003-08-12 um 15.32 schrieb Mike Hall:
> > I am definitely authenticating against mysql!! I have been working
> > with this system for over a year and it has worked great...if the
> user's MAC
> > isn't in there then they can't authenticate. Matches "local"
> > User-Password :: Doesn't that tell you im authenticating? Please
> > advise..
> >
> > Mike
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Ulrich
> > Walcher
> > Sent: Tuesday, August 12, 2003 3:11 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Cisco Aironet - MAC auth logs
> >
> >
> > See the differnece?!
> >
> > > ******** Output of the ORINOCO from radiusd -X:
> > > rlm_sql: Released sql socket id: 4
> > > modcall[authorize]: module "sql" returns ok
> > > modcall[authorize]: module "files" returns notfound
> > > modcall: group authorize returns ok
> > > auth: type Local
> >
> > Auth-Type := Local
> >
> > > auth: user supplied User-Password matches local User-Password
> >
> > Matches "local" User-Password
> >
> > > Sending Access-Accept of id 31 to XXX.XX.XX.XX:6001 Finished request
>
> > > 1
> >
> >
> >
> > > ******** Output of the CISCO from radiusd -X:
> > > rlm_sql: Pairs do not match [00022d111111]
> >
> > !!!!!
> >
> >
> > > rlm_sql: Released sql socket id: 4
> > > modcall[authorize]: module "sql" returns notfound
> > > modcall[authorize]: module "files" returns notfound
> > > modcall: group authorize returns ok
> > > auth: No Auth-Type configuration for the request, rejecting the user
> >
> > No Auth-Type
> >
> > > auth: Failed to validate the user.
> > > Delaying request 0 for 1 seconds
> > > Finished request 0
> >
> > AFAIS you're not authenticating against mysql... in none of the two
> > cases!
> >
> >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
