Hello all,

We're using Cisco Aironet 1200's, and wanted to implement MAC authentication. I have successfully gotten it working with entries in the "users" file in Freeradius .9. However, when I tried to change it over to authenticate against a MySQL database, I've run into some problems. I'm using the standard schemata for the database, but I'm not clear as to what to put in which fields. The AP is successfully sending the MAC address as the username/password to the Radius server. I'm also using the standard queries included with Freeradius. Here is the output from the radius server:
<Snip>
rad_recv: Access-Request packet from host 10.10.19.60:1645, id=64, length=119
    User-Name = "00e063500e6a"
    User-Password = "00e063500e6a"
    Called-Station-Id = "000d.28dd.6391"
    Calling-Station-Id = "00e0.6350.0e6a"
    NAS-Port-Type = Virtual
    NAS-Port = 279
    NAS-IP-Address = 10.10.19.60
    NAS-Identifier = "ap_maclellan529"
rad_lowerpair: User-Name now '00e063500e6a'
rad_lowerpair: User-Password now '00e063500e6a'
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: No '@' in User-Name = "00e063500e6a", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 153
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
radius_xlat: '00e063500e6a'
rlm_sql (sql): sql_set_user escaped user --> '00e063500e6a'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00e063500e6a' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '00e063500e6a' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '00e063500e6a' ORDER BY id'
rlm_sql: unknown attribute static
rlm_sql (sql): Error getting data from database
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '00e063500e6a' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.
Login incorrect: [00e063500e6a/00e063500e6a] (from client student-aps port 279 cli 00e0.6350.0e6a)
<End Snip>

If anybody could give me an idea of where I should enter the username/password into the database, it would be most helpful. I haven't been successful in finding the document that outlines this (perhaps I'm not looking in the right place).

Also, in terms of features... In the response from the Freeradius server, can I give the Access Point an IP address to pass to the client (as well as subnet mask, DNS servers, etc)? Does the client pick this up just like it's coming from a DHCP server?

Thanks for your help,
John Tracy

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
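
Added example, not part of the original post: a small triage helper that condenses a debug trace like the one quoted above into the module results per section, the Auth-Type that was selected, and any rlm_sql errors. The sample lines are an excerpt of the trace in the post; the function names `summarize_trace` and `failing_modules` are hypothetical.

```python
import re

# Excerpt of the debug trace quoted in the post, one message per line.
SAMPLE_TRACE = """\
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "files" returns ok
rlm_sql: unknown attribute static
rlm_sql (sql): Error getting data from database
modcall[authorize]: module "sql" returns ok
rad_check_password: Found Auth-Type System
modcall[authenticate]: module "unix" returns notfound
auth: Failed to validate the user.
"""

MODCALL = re.compile(r'^modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'^rad_check_password: Found Auth-Type (\S+)')
SQL_MSG = re.compile(r'^rlm_sql(?: \(\w+\))?: (unknown attribute .+|Error .+)')


def summarize_trace(text):
    """Collect module results, the chosen Auth-Type and rlm_sql errors."""
    summary = {"modules": {}, "auth_type": None, "sql_errors": [], "rejected": False}
    for raw in text.splitlines():
        line = raw.strip()
        if m := MODCALL.match(line):
            section, module, result = m.groups()
            summary["modules"].setdefault(section, []).append((module, result))
        elif m := AUTH_TYPE.match(line):
            summary["auth_type"] = m.group(1)
        elif m := SQL_MSG.match(line):
            summary["sql_errors"].append(m.group(1))
        elif line.startswith("auth: Failed to validate the user"):
            summary["rejected"] = True
    return summary


def failing_modules(summary, section="authenticate"):
    """Modules in a section whose result was not ok, updated or noop."""
    benign = {"ok", "updated", "noop"}
    return [mod for mod, res in summary["modules"].get(section, []) if res not in benign]


if __name__ == "__main__":
    s = summarize_trace(SAMPLE_TRACE)
    print("Auth-Type:", s["auth_type"], "| rejected:", s["rejected"])
    print("authenticate failures:", failing_modules(s))
    print("rlm_sql errors:", s["sql_errors"])
```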