Hello all,
We're using Cisco Aironet 1200s, and wanted to implement MAC authentication.
I have successfully gotten it working with entries in the "users" file in FreeRADIUS .9.
However, when I tried to change it over to authenticate against a MySQL database,
I've run into some problems.
I'm using the standard schemata for the database, but I'm not clear as to what
to put in which fields. The AP is successfully sending the MAC address as the
username/password to the RADIUS server. I'm also using the standard queries included
with FreeRADIUS. Here is the output from the RADIUS server:
<Snip>
rad_recv: Access-Request packet from host 10.10.19.60:1645, id=64, length=119
User-Name = "00e063500e6a"
User-Password = "00e063500e6a"
Called-Station-Id = "000d.28dd.6391"
Calling-Station-Id = "00e0.6350.0e6a"
NAS-Port-Type = Virtual
NAS-Port = 279
NAS-IP-Address = 10.10.19.60
NAS-Identifier = "ap_maclellan529"
rad_lowerpair: User-Name now '00e063500e6a'
rad_lowerpair: User-Password now '00e063500e6a'
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: No '@' in User-Name = "00e063500e6a", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 153
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
radius_xlat: '00e063500e6a'
rlm_sql (sql): sql_set_user escaped user --> '00e063500e6a'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00e063500e6a' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '00e063500e6a' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '00e063500e6a' ORDER BY id'
rlm_sql: unknown attribute static
rlm_sql (sql): Error getting data from database
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '00e063500e6a' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.
Login incorrect: [00e063500e6a/00e063500e6a] (from client student-aps port 279 cli 00e0.6350.0e6a)
____________________________________________________________________________________________________
<End Snip>
If anybody could give me an idea of where I should enter the username/password into
the database, it would be most helpful. I haven't been successful in finding the
document that outlines this (perhaps I'm not looking in the right place).
Also, in terms of features... In the response from the FreeRADIUS server, can I give
the Access Point an IP address to pass to the client (as well as subnet mask, DNS
servers, etc.)? Does the client pick this up just like it's coming from a DHCP server?
Thanks for your help,
John Tracy
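
The following is an added example, not part of the original post: a small Python reader for the debug trace quoted above that pulls out which "users" entry matched, which Auth-Type was selected, what rlm_sql reported, and what each module returned. The function name `summarize` and the result keys are assumptions made for this example; the trace lines are copied from the post.

```python
import re

# Excerpt of the debug output quoted in the post above (lines copied from it).
TRACE = """\
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
users: Matched DEFAULT at 153
modcall[authorize]: module "files" returns ok
rlm_sql: unknown attribute static
rlm_sql (sql): Error getting data from database
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.
"""

MODULE_RE = re.compile(r'^modcall\[(\w+)\]: module "([^"]+)" returns (\w+)$')
AUTHTYPE_RE = re.compile(r'^rad_check_password: Found Auth-Type (\S+)$')
USERS_RE = re.compile(r'^users: Matched (\S+) at (\d+)$')
SQLERR_RE = re.compile(r'^rlm_sql(?: \(\w+\))?: (unknown attribute .+|Error .+)$')

def summarize(trace):
    """Reduce a radiusd debug trace to the facts needed to triage a reject."""
    out = {"modules": {}, "users_match": None, "auth_type": None,
           "sql_errors": [], "rejected": False}
    for line in trace.splitlines():
        line = line.strip()
        if m := MODULE_RE.match(line):      # per-section module results, in order
            out["modules"].setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif m := USERS_RE.match(line):     # entry and line number in the users file
            out["users_match"] = (m.group(1), int(m.group(2)))
        elif m := AUTHTYPE_RE.match(line):  # Auth-Type chosen for authentication
            out["auth_type"] = m.group(1)
        elif m := SQLERR_RE.match(line):    # errors logged by the sql module
            out["sql_errors"].append(m.group(1))
        elif line.startswith("auth: Failed to validate"):
            out["rejected"] = True
    return out

if __name__ == "__main__":
    s = summarize(TRACE)
    for section, results in s["modules"].items():
        print(section, results)
    print("users file match:", s["users_match"])
    print("Auth-Type:", s["auth_type"])
    print("SQL errors:", s["sql_errors"])
    print("rejected:", s["rejected"])
```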