Hi Peter, Thanks for the prompt response! Here are my logs (sorry for
the lengthiness):
******** Output of the ORINOCO from radiusd -X:
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host XXX.XX.XX.XX:6001, id=31,
length=64
User-Name = "00062541e359"
User-Password = "3\035\300\350#"ka9y\215\330J\020\000|"
NAS-IP-Address = XXX.XX.XX.XX
NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
radius_xlat: '00062541e359'
sql_escape in: '00062541e359'
sql_escape out: '00062541e359'
sql_set_user: escaped user --> '00062541e359'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '00062541e359' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'00062541e359' ORDER BY id
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'user' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'user' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '00062541e359' ORDER BY id'
SELECT
id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'00062541e359' ORDER BY id
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = '00062541e359' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = '00062541e359' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName =
'00062541e359' AND ( Attribute = 'User-Password' OR Attribute =
'Password' OR Attribute = 'Crypt-Password') ORDER BY Attribute DESC'
SELECT Value,Attribute FROM radcheck WHERE UserName = '00062541e359' AND
( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute =
'Crypt-Password') ORDER BY Attribute DESC
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 31 to XXX.XX.XX.XX:6001
Finished request 1
******** Output of the ORINOCO accounting log:
Fri Aug 8 11:39:00 2003
User-Name = "00062541e359"
Acct-Session-Id = "00062541e359"
NAS-Identifier = "LawSchool1-1"
NAS-IP-Address = XXX.XX.XX.XX
NAS-Port = 2
NAS-Port-Type = Wireless-802.11
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Client-IP-Address = XXX.XX.XX.XX
Acct-Unique-Session-Id = "a248070840f3cb22"
Timestamp = 1060360740
******** Output of the CISCO from radiusd -X:
Ready to process requests.
rad_recv: Access-Request packet from host XXX.XX.XX.XX:1028, id=0,
length=143
User-Name = "00022d111111"
User-Password = " \\?\276ps\362\307\326\335#!\326\241\210\030"
NAS-IP-Address = XXX.XX.XX.XX
Called-Station-Id = "000ccec83d0c"
NAS-Port = 37
NAS-Port-Type = Wireless-802.11
Cisco-AVPair = "ssid=northgate_wireless"
Calling-Station-Id = "00022d111111"
NAS-Identifier = "udp001618uds"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
radius_xlat: '00022d111111'
sql_escape in: '00022d111111'
sql_escape out: '00022d111111'
sql_set_user: escaped user --> '00022d111111'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '00022d111111' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'00022d111111' ORDER BY id
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = '00022d111111' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = '00022d111111' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '00022d111111' ORDER BY id'
SELECT
id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'00022d111111' ORDER BY id
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = '00022d111111' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = '00022d111111' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql: Pairs do not match [00022d111111]
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns notfound
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns ok
auth: No Auth-Type configuration for the request, rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
******** Output of the CISCO accounting log:
Thu Aug 7 14:36:41 2003
Acct-Status-Type = Start
User-Name = "00022d111111"
Acct-Session-Id = " 500001"
Acct-Authentic = Local
NAS-Port = 37
Calling-Station-Id = "00022d111111"
NAS-Identifier = "udp001617uds"
NAS-IP-Address = XXX.XX.XX.XX
Cisco-AVPair = "0"
Cisco-AVPair = ""
Cisco-AVPair = "open"
Cisco-AVPair = "northgate_wireless"
Acct-Delay-Time = 0
Client-IP-Address = XXX.XX.XX.XX
Acct-Unique-Session-Id = "2c817f6a9cb3342f"
Timestamp = 1060285001
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter Nixon
Sent: Friday, August 08, 2003 11:17 AM
To: [EMAIL PROTECTED]; Mike Hall
Subject: Re: Cisco Aironet - MAC authentication problems
On Fri August 8 2003 19:01, Mike Hall wrote:
> Hi,
>
> I work for a major University and we have been using Freeradius to do
> MAC authentication with Orinoco (Avaya, Proxim) based access points for
> about 2 years. We have had no problems, and loved our decision to
> implement Freeradius instead of a commercial package.
>
> Now, many departments want to use the Cisco Aironet line. To our
> dismay, we have discovered that they do not authenticate in the same
> way as the Orinoco units. I think it has something to do with the
> Cisco-AVPair string which is sent to the radius server and/or the
> Attribute Value fields. I also think it is related to the Auth-Type
> string and/or the dictionary.cisco file. We use a MySQL database to
> store the user-names (MAC Addresses). The little info I have found on
> the internet is very unclear on what I should do to fix this. I have all
> the output of mysql/freeradius, but it has been a nightmare trying to
> decipher it.
>
> Has anyone run across this problem, and if so, could you please tell
> me what I can do to make Freeradius compatible with Cisco Aironet access
> points? I can send you any info/logs about our setup that you need.
> I cannot begin to tell you how much I will appreciate any help you can
> give us.
If you send us the debug output of when an Orinoco unit authenticates
and when a Cisco tries to authenticate we will try to help you. Maybe
others have Cisco APs and can help you, but I don't unfortunately.
Cheers
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
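Added example, not part of the original messages and not FreeRADIUS code: a small Python parser that splits radiusd -X debug output like the two traces above into one record per Access-Request, then reports which request attributes and module return codes differ between the accepted and the rejected request. The names parse_requests and compare are illustrative, and the parser assumes unwrapped output with tab-indented attribute lines.

```python
import re

# Constructed sample, abridged from the two radiusd -X traces in this thread,
# unwrapped and with attribute lines tab-indented (assumed radiusd layout).
SAMPLE = """\
rad_recv: Access-Request packet from host XXX.XX.XX.XX:6001, id=31, length=64
\tUser-Name = "00062541e359"
modcall[authorize]: module "sql" returns ok
modcall[authorize]: module "files" returns notfound
Sending Access-Accept of id 31 to XXX.XX.XX.XX:6001
rad_recv: Access-Request packet from host XXX.XX.XX.XX:1028, id=0, length=143
\tUser-Name = "00022d111111"
\tNAS-Port-Type = Wireless-802.11
\tCisco-AVPair = "ssid=northgate_wireless"
\tCalling-Station-Id = "00022d111111"
\tNAS-Identifier = "udp001618uds"
rlm_sql: Pairs do not match [00022d111111]
modcall[authorize]: module "sql" returns notfound
modcall[authorize]: module "files" returns notfound
auth: No Auth-Type configuration for the request, rejecting the user
"""

ATTR = re.compile(r'^\s+([A-Za-z][\w-]*) = (.*)$')
MOD = re.compile(r'^modcall\[\w+\]: module "([^"]+)" returns (\w+)')

def parse_requests(text):
    """Split radiusd -X output into one record per Access-Request."""
    reqs = []
    for line in text.splitlines():
        if line.startswith("rad_recv: Access-Request"):
            reqs.append({"attrs": {}, "modules": {}, "notes": [], "verdict": None})
        elif not reqs:
            continue  # banner lines before the first request
        elif m := MOD.match(line):
            reqs[-1]["modules"][m.group(1)] = m.group(2)
        elif m := ATTR.match(line):
            reqs[-1]["attrs"].setdefault(m.group(1), m.group(2).strip('"'))
        elif line.startswith(("rlm_sql:", "auth:")):
            reqs[-1]["notes"].append(line)
        elif line.startswith("Sending Access-"):
            reqs[-1]["verdict"] = line.split()[1]
    return reqs

def compare(ok, bad):
    """Attributes only in the failing request; modules whose return code differs."""
    extra = sorted(set(bad["attrs"]) - set(ok["attrs"]))
    changed = {m: (ok["modules"].get(m), r) for m, r in bad["modules"].items()}
    return extra, {m: p for m, p in changed.items() if p[0] != p[1]}
```

Calling compare(*parse_requests(SAMPLE)) returns the attributes only the Cisco request carries and shows that only the "sql" module result changed, from ok to notfound.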