It uses it figure out how to detect double logins, I think. -- AA7C EF9F 451F E4AF EB1E 7212 BA37 2882 E813 5B02 -- Jay DeSotel Systems Administrator InterLink L.C. <[EMAIL PROTECTED]>
On Thu, 9 Oct 2003, Joe Antkowiak wrote: > Tried that too... is there another one I need to use maybe? orinoco uses > lucent gear... But would that cause this kind of problem? What exactly > does the NAS-type make radius do differently? > > > > Maybe try changing your NAS type to other? > > > > -- > > AA7C EF9F 451F E4AF EB1E 7212 BA37 2882 E813 5B02 > > -- > > Jay DeSotel > > Systems Administrator > > InterLink L.C. > > <[EMAIL PROTECTED]> > > > > On Thu, 9 Oct 2003, Joe Antkowiak wrote: > > > >> Ok, so I read a little more, and it looks like there is a problem with > >> my > >> shared secret, on the orinoco side. > >> > >> I've entered and re-entered the shared secret on the orinoco AP to no > >> avail. Just to make sure it works, I tried this exact config with a > >> cisco > >> AP and it works fine. > >> > >> Is there something special I have to do when getting an Orinoco AP to > >> talk > >> to freeradius, ie to/for the shared key? What NAS type should I use? > >> (Would that have anything to do with this?) > >> > >> It only authenticates because I have Auth-Type := Accept set on every > >> mac > >> address user. > >> > >> -Joe > >> > >> > Hi, > >> > > >> > I'm stumped. > >> > > >> > We have a few orinico AP-2000's that we're trying to set up > >> mac-address > >> > control through radius. > >> > > >> > The authentication works fine. The shared secrets are correct, > >> > everything's configured right, etc... > >> > > >> > Accounting, however, doesn't. When freeradius 0.9.1 (and 0.9.0) > >> receives > >> > an accounting request from any AP2000, it complains that the shared > >> secret > >> > is not the same, and rejects it. > >> > > >> > Now, I've read all the e-mails I could find about this, and I've tried > >> all > >> > kinds of things, and I still can't get it to work, with freeradius. > >> > > >> > On an off chance, I tried it with cistron radius instead, with basicly > >> the > >> > same exact configuration, and wa-la, everything works! > >> > > >> > This is the account record that the AP sends back to radius (as > >> recorded > >> > by cistron): > >> > Thu Oct 9 14:06:52 2003 > >> > User-Name = "00-0c-41-0c-f3-ea" > >> > Acct-Session-Id = "00-0c-41-0c-f3-ea" > >> > NAS-Identifier = "wolfe-ap1" > >> > NAS-IP-Address = 66.92.46.190 > >> > NAS-Port = 2 > >> > NAS-Port-Type = 19 > >> > Acct-Authentic = RADIUS > >> > Acct-Status-Type = Start > >> > Client-IP-Address = 66.92.46.190 > >> > Timestamp = 1065722812 > >> > Request-Authenticator = Unverified > >> > > >> > > >> > I did however notice the following statistics on the orinoco: > >> > > >> > Primary Authentication Server > >> > Access Requests 1 > >> > Access Accepts 1 > >> > Access Retransmissions 3 > >> > Access Rejects 0 > >> > Access Challenges 0 > >> > Malformed Access Responses 0 > >> > Authentication Bad Authenticators 1 <<< ? > >> > Timeouts 3 > >> > > >> > Primary Accounting Server > >> > Accounting Requests 1 > >> > Accounting Retransmissions 0 > >> > Accounting Responses 1 > >> > Accounting Bad Authenticators 1 <<< ? > >> > > >> > > >> > And any password being passed to radius comes back in a jumbled string > >> of > >> > letters and numbers, about 50 characters long. > >> > > >> > > >> > This is my freeradius config: > >> > > >> > clients: > >> > 66.92.46.190 <<ss>> > >> > > >> > clients.conf: > >> > client 66.92.46.190 { > >> > secret = <<ss>> > >> > nastype = portslave > >> > shortname = wolfe1-ap1 > >> > } > >> > > >> > naslist: > >> > 66.92.46.190 wolfe1-ap1 portslave > >> > > >> > > >> > > >> > Anyone have any ideas? I'd really like to use freeradius, I want > >> mysql. > >> > > >> > Thanks in advance. > >> > > >> > - > >> > List info/subscribe/unsubscribe? See > >> > http://www.freeradius.org/list/users.html > >> > > >> > >> > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > >> > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html