Ok, so I read a little more, and it looks like there is a problem with my
shared secret, on the orinoco side.
I've entered and re-entered the shared secret on the orinoco AP to no
avail. Just to make sure it works, I tried this exact config with a cisco
AP and it works fine.
Is there something special I have to do when getting an Orinoco AP to talk
to freeradius, ie to/for the shared key? What NAS type should I use?
(Would that have anything to do with this?)
It only authenticates because I have Auth-Type := Accept set on every mac
address user.
-Joe
> Hi,
>
> I'm stumped.
>
> We have a few orinico AP-2000's that we're trying to set up mac-address
> control through radius.
>
> The authentication works fine. The shared secrets are correct,
> everything's configured right, etc...
>
> Accounting, however, doesn't. When freeradius 0.9.1 (and 0.9.0) receives
> an accounting request from any AP2000, it complains that the shared secret
> is not the same, and rejects it.
>
> Now, I've read all the e-mails I could find about this, and I've tried all
> kinds of things, and I still can't get it to work, with freeradius.
>
> On an off chance, I tried it with cistron radius instead, with basicly the
> same exact configuration, and wa-la, everything works!
>
> This is the account record that the AP sends back to radius (as recorded
> by cistron):
> Thu Oct 9 14:06:52 2003
> User-Name = "00-0c-41-0c-f3-ea"
> Acct-Session-Id = "00-0c-41-0c-f3-ea"
> NAS-Identifier = "wolfe-ap1"
> NAS-IP-Address = 66.92.46.190
> NAS-Port = 2
> NAS-Port-Type = 19
> Acct-Authentic = RADIUS
> Acct-Status-Type = Start
> Client-IP-Address = 66.92.46.190
> Timestamp = 1065722812
> Request-Authenticator = Unverified
>
>
> I did however notice the following statistics on the orinoco:
>
> Primary Authentication Server
> Access Requests 1
> Access Accepts 1
> Access Retransmissions 3
> Access Rejects 0
> Access Challenges 0
> Malformed Access Responses 0
> Authentication Bad Authenticators 1 <<< ?
> Timeouts 3
>
> Primary Accounting Server
> Accounting Requests 1
> Accounting Retransmissions 0
> Accounting Responses 1
> Accounting Bad Authenticators 1 <<< ?
>
>
> And any password being passed to radius comes back in a jumbled string of
> letters and numbers, about 50 characters long.
>
>
> This is my freeradius config:
>
> clients:
> 66.92.46.190 <<ss>>
>
> clients.conf:
> client 66.92.46.190 {
> secret = <<ss>>
> nastype = portslave
> shortname = wolfe1-ap1
> }
>
> naslist:
> 66.92.46.190 wolfe1-ap1 portslave
>
>
>
> Anyone have any ideas? I'd really like to use freeradius, I want mysql.
>
> Thanks in advance.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
