Hello again,

Now I have the other question I mentioned in my previous post. I have some (wireless) equipment that authenticates the wireless client by MAC against my RADIUS database. I want one of my virtual servers to have this kind of authentication. I need it to check the MAC address that is already in my radcheck table. This is a common user setup in the radcheck table:

+------+----------+--------------------+----+-------------------+--------+------+
| id   | UserName | Attribute          | op | Value             | numero | obs  |
+------+----------+--------------------+----+-------------------+--------+------+
| 1613 | nataniel | MD5-Password       | := | XXXXXXXXX         | 01046  |      |
| 1656 | nataniel | Calling-Station-Id | == | AA:AA:AA:AA:AA:AA | 01046  | NULL |
+------+----------+--------------------+----+-------------------+--------+------+

So, the MAC address is set as "Calling-Station-Id". This is OK for my PPPoE setup, but for my access points it is not OK. I need my access point to verify that this MAC is properly listed and not blocked. I use this to block:

+------+----------+--------------------+----+-------------------+--------+------+
| id   | UserName | Attribute          | op | Value             | numero | obs  |
+------+----------+--------------------+----+-------------------+--------+------+
| 1613 | nataniel | MD5-Password       | := | XXXXXXXXX         | 01046  |      |
| 1656 | nataniel | Calling-Station-Id | == | AA:AA:AA:AA:AA:AA | 01046  | NULL |
| 1657 | nataniel | Auth-Type          | := | Reject            | 01046  | NULL |
+------+----------+--------------------+----+-------------------+--------+------+

I have to change dialup.conf to meet these options and return to my access point. This is a common query coming from one of my APs:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.30.0.142 port 6001, id=1, length=69
       User-Name = "00:19:79:0f:98:3d"
       User-Password = "wireless"
       NAS-IP-Address = 172.30.0.142
       NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No '@' in User-Name = "00:19:79:0f:98:3d", looking up realm NULL
   rlm_realm: No such realm "NULL"
++[suffix] returns noop
       expand: %{User-Name} -> 00:19:79:0f:98:3d
rlm_sql (sql): sql_set_user escaped user --> '00:19:79:0f:98:3d'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '00:19:79:0f:98:3d' ORDER BY id
expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = '00:19:79:0f:98:3d' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): User 00:19:79:0f:98:3d not found
++[sql] returns notfound
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
 Found Post-Auth-Type Reject
WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
Sending Access-Reject of id 1 to 172.30.0.142 port 6001
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 1 with timestamp +274
Ready to process requests.


So, where I see "WHERE username = '00:19:79:0f:98:3d' " it should be Attribute. But I need to be sure that this client is not rejected somewhere in the database.

Can someone help me? I am not a guru of mysql but I can try some changes... ;)


--
Regards,

NATANIEL KLUG
[EMAIL PROTECTED]

READ NATA'S DAY-TO-DAY
http://nataklug.blogspot.com/

Cyber Nett - Internet Banda Larga
www.cnett.com.br
(42) 3635-2957
Rua Diogo Pinto, 1046, Centro
Laranjeiras do Sul - PR
Brasil - 85301-290

"... the wise, too, have a tangible heart and may, at times, use science
as a means of showing sentimental impressions to which many do not judge them
susceptible."
Visconde de Taunay

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
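
Added example, not part of the original post and not FreeRADIUS configuration: a Python/sqlite3 model of the lookup the post asks for, matching the MAC sent in User-Name against the Calling-Station-Id rows of radcheck and then checking whether the owning account carries Auth-Type := Reject. The `maria` rows, the function names, the colon-separated storage format and the choice to reject unknown MACs are assumptions.

```python
import re
import sqlite3

# Constructed sample rows in the radcheck layout shown in the post.
ROWS = [
    (1613, "nataniel", "MD5-Password", ":=", "XXXXXXXXX"),
    (1656, "nataniel", "Calling-Station-Id", "==", "AA:AA:AA:AA:AA:AA"),
    (1700, "maria", "MD5-Password", ":=", "XXXXXXXXX"),
    (1701, "maria", "Calling-Station-Id", "==", "BB:BB:BB:BB:BB:BB"),
    (1702, "maria", "Auth-Type", ":=", "Reject"),
]


def normalize_mac(raw):
    """Return AA:BB:CC:DD:EE:FF, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[-:.]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_db(rows=ROWS):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,"
               " attribute TEXT, op TEXT, value TEXT)")
    db.executemany("INSERT INTO radcheck VALUES (?,?,?,?,?)", rows)
    return db


def check_mac(db, user_name_from_ap):
    """Decide accept/reject for a MAC that the AP sends in User-Name."""
    mac = normalize_mac(user_name_from_ap)
    if mac is None:
        return ("reject", None)
    # Step 1: find the account(s) owning this MAC (parameterized, case-insensitive).
    owners = [r[0] for r in db.execute(
        "SELECT DISTINCT username FROM radcheck"
        " WHERE attribute = 'Calling-Station-Id' AND UPPER(value) = ?", (mac,))]
    if not owners:
        return ("reject", None)
    # Step 2: an owner carrying Auth-Type := Reject blocks the MAC.
    for owner in owners:
        blocked = db.execute(
            "SELECT 1 FROM radcheck WHERE username = ? AND attribute = 'Auth-Type'"
            " AND value = 'Reject' LIMIT 1", (owner,)).fetchone()
        if blocked:
            return ("reject", owner)
    return ("accept", owners[0])
```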