On 10/18/2013 11:00 AM, Alan DeKok wrote:
Bertalan Voros wrote:
I have one question, I would like to log a message in radius.log when a
device is rejected based on its mac address.
I would like to put a message saying that the device was unauthorised
and the Calling-Station-Id into the radius.lo
On Fri, 07 Jun 2013 17:40:04 +0200, David Mitton wrote:
Best to check the error log on the NAS.
When the link goes up the following debug message appear on the NAS:
2013 Jun 10 15:22:56 system.information awplus pcfg: Egress
Broadcast(1):Milticast(1):Unicast(1) port1.0.5
2013 Jun 10 15:22:56
The NAS device is the final arbiter of allowing access.
Even if the authentication succeeds, there may be other things about
the connection and the NAS policies that are not met by the port user.
Best to check the error log on the NAS.
Dave.
Quoting Stijn D'haese :
Hi,
I'm trying to do M
Stijn D'haese wrote:
> Any ideas where I need to start looking?
The RADIUS server sent the right answer. The NAS ignored it.
Blame the NAS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I'm trying to do MAC based authentication on our switches, but for some
strange reason the port doesn't want to authenticate, even though the
radius server sends an Access-Accept package to the port. I did a capture
on the port and the Access-Accept package is received by the port, but
rajasekar bonthala wrote:
> I would like to use the free-radius server for mac-authentication and
> port authentication.
> Please let me know the configuration stuff for the same.
Documentation for this already exists. See the Wiki, among other places.
i.e. If you don't hav
Hi All,
I would like to use the free-radius server for mac-authentication and port
authentication.
Please let me know the configuration stuff for the same.
Thanks,
RajaSekhar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Your guess is correct. I really hope that's the only thing wrong with the
config.
I'll try it as soon as I have access to the server. Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 28 Feb 2013, at 10:02, Bouchra Badri wrote:
> Hello,
> Sorry to bring this up again.
> I tried to do as you said, and added this line :
> VMPS-VLAN-Name = "%{sql:select radius.maclist.vlanname from radius.maclist
> where radius.maclist.mac='%{VMPS-Mac}'}"
> as well as this one : $INCLUDE
Great.
Thank you good sir.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
>Yes, of course I'll have to use a Radius server, and many forums say that
>if you put the Mac address in both username and password, it will
>authenticate if - in the switch - you use Mab... And that's exactly what I
>tried to do, but it did not authenticate... Am I doing sth
Hello, thanks for the quick answer
>
>
> Cisco MAB is a *method* you configure on the switch. it still needs a
> backend
> to send the request to - eg a RADIUS server
Yes, of course I'll have to use a Radius server, and many forums say that
if you put the Mac address in both username and passwor
Hi,
>1 - I was wondering if going through the tuto in wiki.freeradius is
>necessary to be able to authenticate using the mac address ?
>For one, that rewrite_calling_station_id generates an error at the run of
>freeradius, plus I've seen some tutos that say that cisco Mac-auth-Bypa
Hi,
1 - I was wondering if going through the tuto in wiki.freeradius is
necessary to be able to authenticate using the mac address ?
For one, that rewrite_calling_station_id generates an error at the run of
freeradius, plus I've seen some tutos that say that cisco Mac-auth-Bypass
can do the trick..
Thank you very much.
>
> Tzvika Gelber wrote:
> > I created a new user with the MAC address of the client as the user and
> > password :
> ...
> > 00C0CA32A157 Cleartext-Password := "00C0CA32A157"
> ...
> > User-Name = "00c0ca32a157"
> > User-Password = "00c0ca32a157"
>
> You do
Tzvika Gelber wrote:
> I created a new user with the MAC address of the client as the user and
> password :
...
> 00C0CA32A157 Cleartext-Password := "00C0CA32A157"
...
> User-Name = "00c0ca32a157"
> User-Password = "00c0ca32a157"
You do realize that they are different, right?
Hello,
I'm trying to have a WiFi client to be authenticated in the OPEN+MAC method
The AP is already known as a client of the Freeradius and any other form of
Radius authentication i tried worked so far (WPA, WPA2)
I'm using PEAP and the clients are Windows XP (if it makes any difference)
I creat
On 22/03/12 15:27, PENZ Robert wrote:
Hi!
Thx for the fast response!
But how to I execute the SQL authorize_reply_query query after I did
a EAP authentication? I don't do that currently in post-auth. I just
have the sql modul activated in authorize.
Like this:
post-auth {
if (TLS-Client-C
Hi,
On Thu, Mar 22, 2012 at 04:27:14PM +0100, PENZ Robert wrote:
> But how to I execute the SQL authorize_reply_query query after I
> did a EAP authentication? I don't do that currently in
> post-auth. I just have the sql modul activated in authorize.
Sorry, can't help here. I've never done any S
FreeRadius users mailing list
Betreff: Re: 802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs
Hi,
On Thu, Mar 22, 2012 at 03:24:41PM +0100, PENZ Robert wrote:
> And how can I use the CN of the certificate in the SQL query? I
> believe I need one query for MAC and one for EAP-TLS
Hi,
On Thu, Mar 22, 2012 at 03:24:41PM +0100, PENZ Robert wrote:
> And how can I use the CN of the certificate in the SQL query? I
> believe I need one query for MAC and one for EAP-TLS, as for one
> I search for the MAC address and in the other the CN ...
> correct?
Common Name of the cert is in
Hi!
We've currently a MAC authentication running with dynamic VLANs via SQL for
wired clients. We return the wished VLAN for the client by using the SQL
function authorize_reply_query. We now want to add 802.1x EAP-TLS as supported
authentication method. I got the setup sofar that I'
On Wed, Feb 02, 2011 at 02:00:52PM -0600, Gary Gatten wrote:
> On shared medium, I don't *think* dupe macs will cause much problem,
> unless maybe a congestion algorithm tweaks traffic to/from that mac. I'm
> not an expert in that area, just speaking from experience.
Layer 1
---
I have little
Jim Rice wrote:
> The MikroTik routers can be configured to send a variety of MAC address
> formats, the default is XX:XX:XX:XX:XX:XX
Which isn't the format recommended by the RFCs .
> It can also be set to include the same MAC address in the Password field,
> instead of NULL, but I do not se
I think it depends on the OS, if a OS is trusting and accepts everything up
the stack from Layer 2 if the MAC address matches it could start to get
confused and cause all sorts of issues. If the device keeps some kind of state
table for connections and rejects all others there may not be to
Thanks for the tip, Schilling.
We wanted to provide a "splash page" for unauthenticated access attempts.
This helps to answer a whole other list of questions on "how" to do that.
Jim
--- On Wed, 2/2/11, schilling wrote:
> From: schilling
> Subject: Re: MAC Authe
Wednesday, February 02, 2011 01:53 PM
To: FreeRadius users mailing list
Subject: Re: MAC Authentication - Bad Idea?
On Wed, Feb 02, 2011 at 11:15:13AM -0800, Jim Rice wrote:
> Do I need to be concerned with MAC spoofing?
It's easy to do, so it will probably happen; this risk is weighed a
On Wed, Feb 02, 2011 at 11:15:13AM -0800, Jim Rice wrote:
> Do I need to be concerned with MAC spoofing?
It's easy to do, so it will probably happen; this risk is weighed against
providing a service which is easy for your customers to use.
What happens if two people try to use the same MAC addres
We implemented MAC authentication with netreg at
http://netreg.sourceforge.net. We used DHCP/DNS/HTTP piece from
netreg. It's essence is DHCP/DHS/HTTP on one server.
Basically there will be a vlan we called sandbox with ip
helper-address pointing to sandbox.foo.edu. The DHCP is configur
Hi,
> Do I need to be concerned with MAC spoofing?
of course. theres also the issue that the link-layer is completely open
and unencrypted to any eavedropping/dodgy activity
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
atten=waddell@lists.freeradius.org] On
Behalf Of Jim Rice
Sent: Wednesday, February 02, 2011 1:15 PM
To: FreeRadius users mailing list
Subject: Re: MAC Authentication - Bad Idea?
Thanks, Alan.
The MikroTik routers can be configured to send a variety of MAC address
formats, the defau
Thanks, Alan.
The MikroTik routers can be configured to send a variety of MAC address
formats, the default is XX:XX:XX:XX:XX:XX
It can also be set to include the same MAC address in the Password field,
instead of NULL, but I do not see any added benefit to that.
>> but had to set Auth-Type :=
Jim Rice wrote:
> Still a newbie, but getting there... (Alan, do you ever sleep?)
In a word: no.
> I have been asked to implement MAC authentication for a local service
> provider with a Canopy radio network and MikroTik routers. No, really.
>
> I was able to test this and
Greetings,
Still a newbie, but getting there... (Alan, do you ever sleep?)
I have been asked to implement MAC authentication for a local service provider
with a Canopy radio network and MikroTik routers. No, really.
I was able to test this and received Accept-Accept after placing the MAC
> The next logical step would be to post *that line* from the file, and
ask "What is wrong about it"?
Yes, but I think it is not possible with SQL XLAT. For that reason, finally,
I try with sql.authorize, as Arran advised me, and I think I've achieved the
solution. The problem was I didn't underst
David Seira wrote:
> Thanks for your responses.
>
> I tried SQL XLAT yesterday but I had the next radiusd -X errors:
>
> /usr/local/etc/raddb/sites-enabled/default[598]: Failed to parse "if"
> subsection.
The next logical step would be to post *that line* from the file, and
ask "What is wrong
Thanks for your responses.
I tried SQL XLAT yesterday but I had the next radiusd -X errors:
/usr/local/etc/raddb/sites-enabled/default[598]: Failed to parse "if"
subsection.
/usr/local/etc/raddb/sites-enabled/default[485]: Errors parsing post-auth
section.
I think it is not possible to that with
On 22/11/2553 22:41, David Seira wrote:
Hi Alan.
Thanks for your time.
In the authorize section I have the next instructions for
authorize users in a mac file:
if((Service-Type
== 'Call-Check') || (User-Name =~ /^%{Calling-Station-Id}$/i)){
update
control {
Aut
>
> I don't know how to call the sql module for read the list users from mysql.
> If I put in that section the sql instruction I don't know how compare the sql
> results with the Calling-Station-Id that the NAS return in the request.
>
> Another thing is that I don't know why the authorization
Hi Alan.
Thanks for your time.
In the authorize section I have the next instructions for authorize users in
a mac file:
if((Service-Type == 'Call-Check') || (User-Name =~
/^%{Calling-Station-Id}$/i)){
update control {
Auth-Type = 'CSID'
}
}
I don't know how to call the sql module for read the l
David Seira wrote:
> I don't know where put the sql instruction for read macs from database.
Read raddb/sites-available/default. Look for "sql".
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi list.
I'm trying to implement MAC-Authentication directly from a Mysql database. I
follow the wiki page http://wiki.freeradius.org/Mac-Auth for authenticate
macs from a file. I want to authenticate macs reading the authorized macs
from a mysql database. I understand that in the radcheck
I am attempting to edit the ldap module to pass the mac address from the
wireless client as the user. I have changed the basedn, but not sure how
to change the "filter".
Here is what I have :
ldap {
#
# Note that this needs to match the name in the LDAP
# server cert
Raymond Norton wrote:
> I have a working set up using wpa2 with freeradius and ldap. I need to
> set up host authentication instead of user authentication. I am using
> LAM to manage ldap and have added a couple host accounts, but I keep
> getting a login page from the hotspot. The problem could be
I have a working set up using wpa2 with freeradius and ldap. I need to
set up host authentication instead of user authentication. I am using
LAM to manage ldap and have added a couple host accounts, but I keep
getting a login page from the hotspot. The problem could be a config
issue on any dev
> > how would that have worked anyway - you need the key exchange and
> > the right type of EAP for WPA and wireless
> >
> > alan
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
> The only way I can think of it working was if using Cisco's local MAC
>
> Hi,
> > I've been told that Cisco APs won't do WPA with MAC auth in recent
> versions of IOS.
>
> how would that have worked anyway - you need the key exchange and the
> right type of EAP for WPA and wireless
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/u
Hi,
> I've been told that Cisco APs won't do WPA with MAC auth in recent versions
> of IOS.
how would that have worked anyway - you need the key exchange and the right type
of EAP for WPA and wireless
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I've been told that Cisco APs won't do WPA with MAC auth in recent versions of
IOS.
-John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
John McDonnell wrote:
> I don't know if you have any experience with the 1100 series access points
> from Cisco, but they have a setting called EAP and MAC authentication. I'm
> not sure how it is implemented, but I would imagine I should just set it
> to do EAP and hav
> -Original Message-
> John McDonnell wrote:
> > I'm not doing any dynamic VLAN assignments over the wireless so I
> really don't see any need for MAC authentication and just see it as
> unneeded overhead. Is there any reason why I'm wrong with this
> as
John McDonnell wrote:
> I'm not doing any dynamic VLAN assignments over the wireless so I really
> don't see any need for MAC authentication and just see it as unneeded
> overhead. Is there any reason why I'm wrong with this assumption?
It never hurts. You can do *
m going to be converting from WEP to WPA finally. I don't want to use WPA-PSK
so I am looking at doing EAP-TLS. I have a test server up that I've gotten to
work with EAP-TLS using the snake-oil certificates. On the AP's, there is the
option of doing EAP and MAC authentication. This
Difan Zhao wrote:
> So radiusd -X won't show whether a check attribute was updated or not?
No. There are a LOT of things that can happen when the server runs.
It doesn't print out all of them.
> It’s supposed to update the “auth-type” value but nothing is shown
> whether the value has been suc
Behalf Of Alan DeKok
Sent: Monday, January 04, 2010 4:10 PM
To: FreeRadius users mailing list
Subject: Re: MAC authentication bypass ---How
amIsupposedto?edit?theusersfileto include multiple MAC addresses??
Difan Zhao wrote:
> To refresh your memory, I am doing MAC address authenticati
Difan Zhao wrote:
> To refresh your memory, I am doing MAC address authentication bypass. It
> looks to me that the “users” file takes precedence than
> “sites-available/default”.
No. You are setting "Auth-Type = ..." in the "users" file, and then
trying to se "Auth-Type = ..." *again* elsewher
an
From:
freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradi
us.org] On Behalf Of Difan Zhao
Sent: Wednesday, December 30, 2009 12:19 PM
To: FreeRadius users mailing list
S
special authentication that I defined for
MAC authentication bypass? Thanks!
Policy.conf:
policy {
...
rewrite_calling_station_id {
if(request:Calling-Station-Id =~
/00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) {
-Original Message-
> From:
> freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org
> [mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradi
> us.org] On Behalf Of Alexander Clouter
> Sent: Wednesday, December 30, 2009 5:52 AM
> To: freera
: freeradius-users@lists.freeradius.org
Subject: Re: Recall: MAC authentication bypass
---How?am?Isupposedto?edit?theusersfile to include multiple
MACaddresses??
Arran Cudbard-Bell wrote:
>
> On 29/12/2009 14:45, Difan Zhao wrote:
>>
>> Difan Zhao would like to recall the message, &
Arran Cudbard-Bell wrote:
>
> On 29/12/2009 14:45, Difan Zhao wrote:
>>
>> Difan Zhao would like to recall the message, "MAC authentication
>> bypass --- How am Isupposedto?edit?theusersfile to include multiple
>> MAC addresses??".
>>
> I'
Difan Zhao wrote:
...
> if(%{request:User-Password} == %{request:User-Name}) {
Please read "man unlang". It documents the accepted syntax. The
example above is not correct.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
nces+difan.zhao=guest-tek@lists.freeradius.org]
> *On Behalf Of *Difan Zhao
> *Sent:* Tuesday, December 29, 2009 11:09 AM
> *To:* FreeRadius users mailing list
> *Subject:* RE: MAC authentication bypass --- How
> amIsupposedto?edit?theusersfile to include multiple MAC addresses
ifan.zhao=guest-tek@lists.freeradi
us.org] On Behalf Of Difan Zhao
Sent: Tuesday, December 29, 2009 11:09 AM
To: FreeRadius users mailing list
Subject: RE: MAC authentication bypass --- How
amIsupposedto?edit?theusersfile to include multiple MAC addresses??
Greetings,
I hope you all had a
On 29/12/2009 14:45, Difan Zhao wrote:
>
> Difan Zhao would like to recall the message, "MAC authentication
> bypass --- How am Isupposedto?edit?theusersfile to include multiple
> MAC addresses??".
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freerad
Difan Zhao would like to recall the message, "MAC authentication bypass --- How
am Isupposedto?edit?theusersfile to include multiple MAC addresses??".
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Greetings,
I hope you all had a wonderful Christmas holidays!
So I continued my work this morning. It looks like it can authenticate
the devices (with the certain MAC address pattern) however from the
Radius -X output (which I attached here) it doesn't seem to authenticate
it the way I want
s.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradi
us.org] On Behalf Of Arran Cudbard-Bell
Sent: Thursday, December 24, 2009 1:13 PM
To: FreeRadius users mailing list
Subject: Re: MAC authentication bypass --- How am I
supposedto?edit?theusersfile to include multiple MAC addr
Difan Zhao wrote:
Hey guys,
So I finally started configuring this *MAC auth bypass* thing... I am
editing the *raddb/policy.conf* to include the
"*rewrite_calling_station_id*" function/module however when I am
trying to run the *radiusd –X* I got this error:
"/etc/raddb/policy.conf[72]: Pa
Hey guys,
So I finally started configuring this MAC auth bypass thing... I am
editing the raddb/policy.conf to include the
"rewrite_calling_station_id" function/module however when I am trying to
run the radiusd -X I got this error:
"/etc/raddb/policy.conf[72]: Parse error in condition at:
> Alexander, I did read the links you gave me very carefully and I guess I
> understand the logic... However it seems that I have to edit many files.
> I am new to the FreeRadius and I don't have any programming
> experience... Is there a document which can tell me briefly what these
> files are fo
So...,
Alan suggested using unlang. I am actually reading un-language (5). If I
use it, where or what file do I put your script in?
=Script that Alan
wrote
authorise {
if("%{User-Name}" =~ /[0-9a-z]{12}/i && "%{Huntg
On 21/12/2009 09:05, Alexander Clouter wrote:
> Arran Cudbard-Bell wrote:
>
>>>
>>> the real answer is to get the vendors to sort their cheap shoddy kit out ;-)
>>>
>>
>> Ahem *Vendor :P - - Sorry I have to do it or they beat me :(
>>
>>
> dare I ask why you do not use yo
On 21/12/2009 09:15, Alan Buxey wrote:
> Hi,
>
>
>>> yep - but a user could just as easily log in with the user-name of
>>> 00:11:22:33:44:55 ;-)
>>>
>>>
>> Not when you say !EAP-Message too :)
>>
> ...and how does that stop, lets just say for example, some user coming
> along with
Hi,
> > yep - but a user could just as easily log in with the user-name of
> > 00:11:22:33:44:55 ;-)
> >
> Not when you say !EAP-Message too :)
...and how does that stop, lets just say for example, some user coming
along with 802.1X configured on their wired interface and logging it
with 00:11:2
Arran Cudbard-Bell wrote:
>>
>> the real answer is to get the vendors to sort their cheap shoddy kit out ;-)
>
> Ahem *Vendor :P - - Sorry I have to do it or they beat me :(
>
dare I ask why you do not use you new 'formal' email address? ;)
Cheers
--
Alexander Clouter
.sigmonster sa
Alan Buxey wrote:
>
>> 'cheese112233xxyyzzTASTY' would even match that :)
>
> yep - but a user could just as easily log in with the user-name of
> 00:11:22:33:44:55 ;-)
>
Not when you say !EAP-Message too :)
> thats why some decent stuff needs to be done elsewhereI dont
> like Mac auth byp
On 20/12/2009 22:44, Alan Buxey wrote:
> Hi,
>
>
>> some would say that is a controversial MAC address regexp, but I
>> guess you just do things differently 'up north' eh? :)
>>
> hey, it was a quick hackup example to deal with the question.
>
>
>> 'cheese112233xxyyzzTASTY' would e
Hi,
> some would say that is a controversial MAC address regexp, but I
> guess you just do things differently 'up north' eh? :)
hey, it was a quick hackup example to deal with the question.
> 'cheese112233xxyyzzTASTY' would even match that :)
yep - but a user could just as easily log in w
Alan Buxey wrote:
>
>> If I use AD or SQL, can I write a script to accomplish the logic I need so I
>> don't have to type in each individual MAC as UN/PW in the database? It still
>> sounds like I need to (for example in AD) manully input each of them in the
>> database. Can you please give me
Hi,
> If I use AD or SQL, can I write a script to accomplish the logic I need so I
> don't have to type in each individual MAC as UN/PW in the database? It still
> sounds like I need to (for example in AD) manully input each of them in the
> database. Can you please give me details about how to
lists.freeradius.org on
behalf of Alan Buxey
Sent: Sat 12/19/2009 2:34 AM
To: FreeRadius users mailing list
Subject: Re: MAC authentication bypass --- How am I supposed to edit theusers
file to include multiple MAC addresses??
Hi,
> The way how it works is that (I figured it out by runn
Hi,
> The way how it works is that (I figured it out by running debug on the switch
> and by using wireshark), if the supplicant device doesn’t support 802.1x, the
> switch (172.17.254.100) sends a access request to the freeradius server
> (172.17.1.1) with username and password both are the MA
Hey experts!!
I am having another dilemma here. I am trying to configure MAC
authentication bypass feature on my Cisco 3750 switch to authenticate
some devices which don't support 802.1x.
The way how it works is that (I figured it out by running debug on the
switch and by using wire
Hello!
I am struggling with a mac-auth-bypass problem with my Cisco 6509s and my
FreeRADIUS
server. The 6509 sends the radius server the request, FreeRADIUS authenticates
it as
OK, but yet my port remains in the "authfail" state on the switch. Does anyone
have
any ideas? Here is my debug out
ot;
Sent: Thursday, June 11, 2009 12:50:26 PM GMT -05:00 US/Canada Eastern
Subject: Re: MAC Authentication
case counts, try adding the entry in your users file with lowercase.
Steve Wu wrote:
> Everyone -
>
> I'm being a bit brain dead most likely. I have been tinkering with
> Free
> I'm being a bit brain dead most likely. I have been tinkering with
> Freeradius and MAC authentication successfully. Now I have a real server
> to build FR on so I proceeded to build the new server. After going through
> the *same* steps to build FR, duplicating the clients.co
t;
To: "FreeRadius users mailing list"
Sent: Thursday, June 11, 2009 12:50:26 PM GMT -05:00 US/Canada Eastern
Subject: Re: MAC Authentication
case counts, try adding the entry in your users file with lowercase.
Steve Wu wrote:
> Everyone -
>
> I'm being a bit brain dead most li
case counts, try adding the entry in your users file with lowercase.
Steve Wu wrote:
> Everyone -
>
> I'm being a bit brain dead most likely. I have been tinkering with
> Freeradius and MAC authentication successfully. Now I have a real
> server to build FR on so I procee
Everyone -
I'm being a bit brain dead most likely. I have been tinkering with Freeradius
and MAC authentication successfully. Now I have a real server to build FR on so
I proceeded to build the new server. After going through the *same* steps to
build FR, duplicating the clients.con
Jacob Baloul wrote:
> I have several NAS / Hotspots installed behind a NAT.
> They are all WRT54GL routers with OpenWRT + Chili and authenticating
> against FreeRadius + DaloRadius which is NOT in this NAT.
> Meaning FreeRadius sees all of the WRT's as coming from the same public
> IP, which also h
Hi All,
I have several NAS / Hotspots installed behind a NAT.
They are all WRT54GL routers with OpenWRT + Chili and authenticating against
FreeRadius + DaloRadius which is NOT in this NAT.
Meaning FreeRadius sees all of the WRT's as coming from the same public IP,
which also happens to be dynamic.
Steve Wu wrote:
> Thanks Tim, that worked, although is that up to each AP manf as to what
> it sends?
Pretty much.
> I have HP420s. I changed the password field to match the MAC
> and it authenticated (I think), but I didn't get an IP.
So... did you run the server in debugging mode? The lo
> Thanks Tim, that worked, although is that up to each AP manf as to what it
> sends?
Yes.
> I changed the password field to match the MAC and it
> authenticated (I think), but I didn't get an IP. The 420 I'm using hands
> out an IP fine when I turn off the MAC auth and have it wide open, so it's
dutmp" returns ok for request 1
modcall: leaving group accounting (returns ok) for request 1
Sending Accounting-Response of id 4 to 10.10.18.241 port 9000
Finished request 1
- Original Message -
From: "Tim Sylvester"
To: "FreeRadius users mailing list"
Steve Wu wrote:
> I want my wireless clients to do MAC authentication via the FR box. I
> have setup my users file to auth two of my test laptops:
>
> 000E35-84610A Auth-Type := Local, User-Password == "esradius"
> 00215C-08B25D Auth-Type := Local, User-Password == "
sers-bounces+tim.sylvester=networkradius@lists.freeradius.org]
On Behalf Of Steve Wu
Sent: Friday, May 08, 2009 8:35 AM
To: freeradius-users@lists.freeradius.org
Subject: FR Using MAC Authentication
Hi -
I have just started tinkering with Freeradius, I built an Ubuntu 8.10 server
box and ins
with the FR box fine (I
think).
I want my wireless clients to do MAC authentication via the FR box.
I have setup my users file to auth two of my test laptops:
000E35-84610A Auth-Type := Local, User-Password == "esradius"
00215C-08B25D Auth-Type := Local, User-Password == "es
for testing, it's chattering
> with the FR box fine (I think).
>
> I want my wireless clients to do MAC authentication via the FR box. I have
> setup my users file to auth two of my test laptops:
>
> 000E35-84610A Auth-Type := Local, User-Password == "esradius"
wireless clients to do MAC authentication via the FR box. I have
setup my users file to auth two of my test laptops:
000E35-84610A Auth-Type := Local, User-Password == "esradius"
00215C-08B25D Auth-Type := Local, User-Password == "esradius"
When either tries to connect up, in th
1 - 100 of 159 matches
Mail list logo