Re: [RADIATOR] Cisco 5508 passing mac for mac auth

2015-02-17 Thread Hugh Irvine

Hello Gabe -

I would probably use the third mode with MAC address for both username and 
password.

If you are doing simple authentication (ie. not EAP), a simple AuthBy FILE 
clause will suffice.

Something like this:


…..

<AuthBy FILE>
	Filename %D/macaddresses.txt
	AddToReply …..
</AuthBy>

…..


macaddresses.txt would look something like this:

# macaddresses.txt
# file containing MAC addresses for both username and password

c8:2a:14:50:13:22  Password = c8:2a:14:50:13:22

c8:2a:14:50:13:33  Password = c8:2a:14:50:13:33

c8:2a:14:50:13:44  Password = c8:2a:14:50:13:44

…..


If you have further questions please include a trace 4 debug showing what is 
happening.

regards

Hugh


> On 18 Feb 2015, at 12:34, Gabe Carmichael  wrote:
> 
> All,
> When using a Cisco Wireless controller I have mac delimiters and 3 modes of 
> operation:
> 
> - Other - (In the Radius Access Request with Mac Authentication Password is 
> NOT sent.)
> 
> - Free Radius - (In the Radius Access Request with Mac Authentication 
> Password is controller's shared secret with radius server.)
> 
>  - Cisco ACS - (In the Radius Access Request with Mac Authentication password 
> is client's MAC address.)
> 
> My question is: I am trying to get Radiator to auth by MAC addresses in a 
> flat file. Which mode do I need to use, and how would I need to mod my config 
> file? Attached is a copy of my config. 
> 
> -- 
> Gabe Carmichael
> Systems Analyst - Networking/Email
> Lower Kuskokwim School District
> 907-543-4860
> LKSD Internal 4 digit dial - 4860
> Skype: gabes72riv
> g...@lksd.org
> 
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
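
Added example, not part of the original thread and not Radiator code: a small Python generator for the users file described in the reply above, which rewrites each inventory entry into the one delimiter style the controller sends so that username and password match the request exactly. The style names, the lowercase output and the sample inventory are assumptions.

```python
import re

# Delimiter styles are assumptions; pick the one the controller is set to send.
STYLES = {
    "colon": (2, ":"),          # c8:2a:14:50:13:22 (the form used in the post)
    "hyphen": (2, "-"),         # c8-2a-14-50-13-22
    "single-hyphen": (6, "-"),  # c82a14-501322
    "none": (12, ""),           # c82a14501322
}

def normalize_mac(raw, style="colon"):
    """Return raw as 12 lowercase hex digits grouped per style, else ValueError."""
    digits = re.sub(r"[:.\-\s]", "", raw).lower()  # loose: strips any separator
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    width, sep = STYLES[style]
    return sep.join(digits[i:i + width] for i in range(0, 12, width))

def build_users_file(inventory, style="colon"):
    """Return (file text, rejected entries); MAC is both username and password."""
    seen, lines, rejected = set(), [], []
    for raw in inventory:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        try:
            mac = normalize_mac(raw, style)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        if mac in seen:  # same device listed twice in different notations
            rejected.append(f"duplicate: {raw!r}")
            continue
        seen.add(mac)
        lines.append(f"{mac}  Password = {mac}")
    header = "# file containing MAC addresses for both username and password\n"
    return header + "\n".join(lines) + "\n", rejected

# Constructed inventory in mixed notations (not from the original thread).
SAMPLE = ["C8:2A:14:50:13:22", "c82a.1450.1333", "C8-2A-14-50-13-44",
          "c8:2a:14:50:13:22", "c8:2a:14:50:13"]

if __name__ == "__main__":
    text, rejected = build_users_file(SAMPLE)
    print(text, end="")
    for reason in rejected:
        print("rejected:", reason)
```
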


[RADIATOR] Cisco 5508 passing mac for mac auth

2015-02-17 Thread Gabe Carmichael
All,
When using a Cisco Wireless controller I have mac delimiters and 3 modes of
operation:

- Other - (In the Radius Access Request with Mac Authentication Password is
NOT sent.)

- Free Radius - (In the Radius Access Request with Mac Authentication
Password is controller's shared secret with radius server.)

 - Cisco ACS - (In the Radius Access Request with Mac Authentication
password is client's MAC address.)

My question is: I am trying to get Radiator to auth by MAC addresses in a
flat file. Which mode do I need to use, and how would I need to mod my
config file? Attached is a copy of my config.

-- 

Gabe Carmichael
Systems Analyst - Networking/Email
Lower Kuskokwim School District
907-543-4860
LKSD Internal 4 digit dial - 4860
Skype: gabes72riv
g...@lksd.org 



Re: [RADIATOR] radpwtst changes from v4.9 to v.14 (or Starent atributes?)

2015-02-17 Thread Heikki Vatiainen
On 02/17/2015 01:00 PM, Bruno Tiago Rodrigues wrote:

> Anyway, by adding the "VENDOR Starent 8164 format=2,2" line to the
> dictionary file we had been using ever since  fixed the issue.
> The servers were migrated yesterday and everything is running smoothly.

Thanks for the update. I think we'll add a check in dictionary loading
that logs a warning if the VENDOR line is not present but there are
vendor specific attributes for the vendor.

Cheers,
Heikki

-- 
Heikki Vatiainen 



Re: [RADIATOR] radpwtst changes from v4.9 to v.14 (or Starent atributes?)

2015-02-17 Thread Bruno Tiago Rodrigues
Hi Heikki

Thanks for the help.
We were indeed using radpwtst from 4.14, the host was a fresh install,
dedicated to Radiator, nothing else besides perl dependencies had been
installed.

Anyway, by adding the "VENDOR Starent 8164 format=2,2" line to the
dictionary file we had been using ever since  fixed the issue.
The servers were migrated yesterday and everything is running smoothly.

Best regards.

Bruno Tiago Rodrigues

On Mon, Feb 16, 2015 at 3:22 PM, Heikki Vatiainen  wrote:

> On 02/16/2015 04:55 PM, Heikki Vatiainen wrote:
>
> > I tried replicating the problem but could not get it to fail. Can you
> > make sure you are using a radpwtst from Radiator 4.14?
>
> Also, check that you are using dictionary that includes this line:
>
> VENDOR Starent 8164 format=2,2
>
> If the line is missing (it's present at least since 4.9) it can cause
> the problem you see. Also, the fix you made can cause the attributes to
> be encoded and decoded correctly if you leave it as is.
>
> In short: please check that you are using a recent enough dictionary.
>
> Please let us know if the above helps.
>
> Thanks,
> Heikki
>
> --
> Heikki Vatiainen 
>