Hello Terry -
There are some useful tricks that you can employ in this situation.
# define Client clause
<Client ....>
Secret .....
AddToRequest %{Class}
.....
</Client># define AuthBy clause
<AuthBy ...>
Identifier MyAuthBy
.....
AddToReply Class = Calling-Station-Id = %{Calling-Station-Id}, \
Called-Station-Id = %{Called-Station-Id}
</AuthBy># define Realm of Handler
<Handler ...>
AuthBy MyAuthBy
.....
</Handler>regards
Hugh
On Wednesday, Oct 15, 2003, at 18:42 Australia/Melbourne, Terry Simons wrote:
I need to account for the Calling and Called-Station-Id fields in an authentication, but my NAS device doesn't account this information.
I've troubleshot this particular problem to knowing that my Proxim AP-2000s are not sending back a Calling-Station-Id in either their start or stop records.
I have been trying to determine how to do this on my own, but I'm a little bit lost.
Here's a trace 4 debug showing that we're getting Calling-Station-Id on requests:
Code: Access-Request
Identifier: 40
Authentic: <137>g<0><0><234>Y<0><0>C<1><0><0>gw<0><0>
Attributes:
User-Name = "USERNAME"
NAS-IP-Address = 1.2.3.4
Called-Station-Id = "00-02-2d-48-5f-40"
Calling-Station-Id = "00-02-2d-7d-85-8e"
NAS-Identifier = "NASNAME"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = <2><9><0><13><1>USERNAME
Message-Authenticator = q<2><136>!<221><181><26><180><155>c<170><12>+<238><179>c
And here's a start record, showing that no Calling-Station-Id is available:
Code: Accounting-Request Identifier: 39 Authentic: c<154><145>8<4>$Or<200><232><143>w<200>T<25><127> Attributes: User-Name = "USERNAME" Acct-Session-Id = "00-02-2d-7d-85-8e" NAS-Identifier = "NASNAME" NAS-IP-Address = 1.2.3.4 NAS-Port = 9 NAS-Port-Type = Wireless-IEEE-802-11 Acct-Authentic = RADIUS Acct-Status-Type = Start
It makes sense that I can't do %{Calling-Station-Id}, because that particular attribute doesn't exist in my accounting packet, but it does show up in the authentication request packets.
Also, it looks like the AP is erroneously using the Acct-Session-Id field to account the MAC address of the authenticated client. *groan* ;-)
What are my options to account the Calling-Station-Id data?
It looks like I can use a PostAuthHook... I think. Is this what I want?
I'm not quite sure, even after reading the documentation, what needs to happen.
I'll keep digging...
In the mean time, any advice is appreciated.
Terry
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
