Hi Peter,

Thanks for the prompt response! Here are my logs (sorry for the lengthiness):

******** Output of the ORINOCO from radiusd -X:

Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host XXX.XX.XX.XX:6001, id=31, length=64
        User-Name = "00062541e359"
        User-Password = "3\035\300\350#"ka9y\215\330J\020\000|"
        NAS-IP-Address = XXX.XX.XX.XX
        NAS-Port = 0
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "suffix" returns ok
radius_xlat: '00062541e359'
sql_escape in: '00062541e359'
sql_escape out: '00062541e359'
sql_set_user: escaped user --> '00062541e359'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00062541e359' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00062541e359' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '00062541e359' ORDER BY id'
SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '00062541e359' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '00062541e359' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '00062541e359' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = '00062541e359' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password') ORDER BY Attribute DESC'
SELECT Value,Attribute FROM radcheck WHERE UserName = '00062541e359' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password') ORDER BY Attribute DESC
rlm_sql: Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok
  modcall[authorize]: module "files" returns notfound
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 31 to XXX.XX.XX.XX:6001
Finished request 1

******** Output of the ORINOCO accounting log:

Fri Aug 8 11:39:00 2003
        User-Name = "00062541e359"
        Acct-Session-Id = "00062541e359"
        NAS-Identifier = "LawSchool1-1"
        NAS-IP-Address = XXX.XX.XX.XX
        NAS-Port = 2
        NAS-Port-Type = Wireless-802.11
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start
        Client-IP-Address = XXX.XX.XX.XX
        Acct-Unique-Session-Id = "a248070840f3cb22"
        Timestamp = 1060360740

******** Output of the CISCO from radiusd -X:

Ready to process requests.
rad_recv: Access-Request packet from host XXX.XX.XX.XX:1028, id=0, length=143
        User-Name = "00022d111111"
        User-Password = " \\?\276ps\362\307\326\335#!\326\241\210\030"
        NAS-IP-Address = XXX.XX.XX.XX
        Called-Station-Id = "000ccec83d0c"
        NAS-Port = 37
        NAS-Port-Type = Wireless-802.11
        Cisco-AVPair = "ssid=northgate_wireless"
        Calling-Station-Id = "00022d111111"
        NAS-Identifier = "udp001618uds"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "suffix" returns ok
radius_xlat: '00022d111111'
sql_escape in: '00022d111111'
sql_escape out: '00022d111111'
sql_set_user: escaped user --> '00022d111111'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00022d111111' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00022d111111' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '00022d111111' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '00022d111111' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '00022d111111' ORDER BY id'
SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '00022d111111' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '00022d111111' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '00022d111111' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql: Pairs do not match [00022d111111]
rlm_sql: Released sql socket id: 4
  modcall[authorize]: module "sql" returns notfound
  modcall[authorize]: module "files" returns notfound
modcall: group authorize returns ok
auth: No Auth-Type configuration for the request, rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0

******** Output of the CISCO accounting log:

Thu Aug 7 14:36:41 2003
        Acct-Status-Type = Start
        User-Name = "00022d111111"
        Acct-Session-Id = " 500001"
        Acct-Authentic = Local
        NAS-Port = 37
        Calling-Station-Id = "00022d111111"
        NAS-Identifier = "udp001617uds"
        NAS-IP-Address = XXX.XX.XX.XX
        Cisco-AVPair = "0"
        Cisco-AVPair = ""
        Cisco-AVPair = "open"
        Cisco-AVPair = "northgate_wireless"
        Acct-Delay-Time = 0
        Client-IP-Address = XXX.XX.XX.XX
        Acct-Unique-Session-Id = "2c817f6a9cb3342f"
        Timestamp = 1060285001

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Nixon
Sent: Friday, August 08, 2003 11:17 AM
To: [EMAIL PROTECTED]; Mike Hall
Subject: Re: Cisco Aironet - MAC authentication problems

On Fri August 8 2003 19:01, Mike Hall wrote:
> Hi,
>
> I work for a major University and we have been using Freeradius to do
> MAC authentication with Orinoco (Avaya,Proxim) based access points for
> about 2 years. We have had no problems, and loved our decision to
> implement Freeradius instead of a commercial package.
>
> Now, many departments want to use the Cisco Aironet line. To our
> dismay, we have discovered that they do not authenticate in the same
> way as the Orinoco units. I think it has something to do with the
> Cisco-AVPair string which is sent to the radius server and/or the
> Attribute Value fields. I also think it is related to the Auth-Type
> string and/or the dictionary.cisco file.
> We use a MySQL database to
> store the user-names (MAC Addresses). The little info I have found on
> the internet is very unclear on what I should do to fix this. I have all
> the output of mysql/freeradius, but it has been a nightmare trying to
> decipher it.
>
> Has anyone run across this problem, and if so, could you please tell
> what I can do to make Freeradius compatible with Cisco Aironet access
> points? I can send you any info/logs about our setup that you need.
> I cannot begin to tell you how much I will appreciate any help you can
> give us.

If you send us the debug output of when an Orinoco unit authenticates and when a Cisco tries to authenticate, we will try to help you. Maybe others have Cisco APs and can help you, but I don't, unfortunately.

Cheers

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html