Its alive!! Using your radcheck configuration the Cisco 1200 APs work
with freeradius <wipes brow>. But of course, I have another
problem...the Orinoco APs don't work with this configuration! Some
debugging brought me to this conclusion on what will work for the
different access points:
**************** ORINOCO AP ****************
+-----+--------------+---------------+--------------+-----+
| id | UserName | Attribute | Value | op |
+-----+--------------+---------------+--------------+-----+
| 123 | MacAddress | User-Password | SharedSecret | == |
+-----+--------------+---------------+--------------+-----+
**************** CISCO AP ****************
+-----+--------------+---------------+-------------+-----+
| id | UserName | Attribute | Value | op |
+-----+--------------+---------------+-------------+-----+
| 123 | MacAddress | User-Password | MacAddress | == |
+-----+--------------+---------------+-------------+-----+
So what now? I could create 2 different tables, then use something
(please help me here, huntgroups?) to tell freeradius which type of AP
is making the request, then use the correct sql statement to select on
mysql. Fun, Fun. Another option is to modify the modcall[authorize]
sql statement to say something like if "Username = MacAddress OR
Username = SharedSecret". The problem is that "Username will never equal
SharedSecret"! Im almost there...Please Help!
--
Mike Hall
Telecom Analyst
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 3:36 PM
To: [EMAIL PROTECTED]
Subject: (no subject)
On a Cisco AP 340 or better, MAC-based Auth. uses the
MAC-address of the client as both the user and password.
In your radcheck table, UserName is MAC-address, Attribute is
'Password', op is '==' and Value is MAC-address.
Works great and you do not have to restart radius when you add
MAC-addresses.
Hope this helps.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
