Hi,
I'm stumped.
We have a few orinico AP-2000's that we're trying to set up mac-address
control through radius.
The authentication works fine. The shared secrets are correct,
everything's configured right, etc...
Accounting, however, doesn't. When freeradius 0.9.1 (and 0.9.0) receives
an accounting request from any AP2000, it complains that the shared secret
is not the same, and rejects it.
Now, I've read all the e-mails I could find about this, and I've tried all
kinds of things, and I still can't get it to work, with freeradius.
On an off chance, I tried it with cistron radius instead, with basicly the
same exact configuration, and wa-la, everything works!
This is the account record that the AP sends back to radius (as recorded
by cistron):
Thu Oct 9 14:06:52 2003
User-Name = "00-0c-41-0c-f3-ea"
Acct-Session-Id = "00-0c-41-0c-f3-ea"
NAS-Identifier = "wolfe-ap1"
NAS-IP-Address = 66.92.46.190
NAS-Port = 2
NAS-Port-Type = 19
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Client-IP-Address = 66.92.46.190
Timestamp = 1065722812
Request-Authenticator = Unverified
I did however notice the following statistics on the orinoco:
Primary Authentication Server
Access Requests 1
Access Accepts 1
Access Retransmissions 3
Access Rejects 0
Access Challenges 0
Malformed Access Responses 0
Authentication Bad Authenticators 1 <<< ?
Timeouts 3
Primary Accounting Server
Accounting Requests 1
Accounting Retransmissions 0
Accounting Responses 1
Accounting Bad Authenticators 1 <<< ?
And any password being passed to radius comes back in a jumbled string of
letters and numbers, about 50 characters long.
This is my freeradius config:
clients:
66.92.46.190 <<ss>>
clients.conf:
client 66.92.46.190 {
secret = <<ss>>
nastype = portslave
shortname = wolfe1-ap1
}
naslist:
66.92.46.190 wolfe1-ap1 portslave
Anyone have any ideas? I'd really like to use freeradius, I want mysql.
Thanks in advance.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
