I'm trying to have freeradius authenticate MAC addresses or userids for
wireless access points.  I have the MAC addresses defined in the users file
like this

00062518a9e6    User-Password == "00062518a9e6"

and the userids authenticate their passwords against LDAP.  What I'm seeing
is that even though the MAC address entry is found, the LDAP server is also
being asked about the MAC address, before the password is verified.

I'd like for it not to do that since the LDAP server doesn't know about them.
I've tried setting things like fall-through and that seems to only affect
scanning the rest of the users file, and using regular expressions to
match the format of MAC address and userids to force the auth-type with no
luck.

Does anyone have any other ideas I can try?

rad_recv: Access-Request packet from host 10.255.200.1:1645, id=203, length=118
--- Walking the entire request list ---
Waking up in 31 seconds...
Threads: total/active/spare threads = 5/0/5
Thread 1 got semaphore
Thread 1 handling request 0, (1 handled so far)
        User-Name = "00062518a9e6"
        User-Password = "00062518a9e6"
        Called-Station-Id = "000d.ed4c.fbcf"
        Calling-Station-Id = "0006.2518.a9e6"
        NAS-Port-Type = Virtual
        NAS-Port = 387
        NAS-IP-Address = 10.255.200.1
        NAS-Identifier = "ACCESSPOINT1"
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "00062518a9e6", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched 00062518a9e6 at 247
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for 00062518a9e6
radius_xlat:  '(cn=00062518a9e6)'
radius_xlat:  'ou=people,o=ul'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to lserver.louisville.edu:389
rlm_ldap: bind as / to lserver.louisville.edu:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=users,o=ul, with filter (cn=00062518a9e6)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [00062518a9e6] (from client NetworkManagement port 387 cli 0006.2518.a9e6)
Sending Access-Accept of id 203 to 10.255.200.1:1645
Finished request 0

-- 
Hans K. Fiedler                         Information Technology
Network Analyst                         Communications Services
[EMAIL PROTECTED]              109 Miller Info Tech Center
(502)852-7417 (Voice)                   University of Louisville
(502)852-4508 (Fax)                     Louisville, Ky. 40292
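
An added example, not part of the original post: one way to confirm from a debug trace which requests still reach LDAP after the users file has already matched. It parses the modcall lines in the format shown above; the function names and the trimmed SAMPLE excerpt are this example's own.

```python
import re

# Excerpt of the authorize phase from the debug output quoted in the post.
SAMPLE = """\
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
  modcall[authorize]: module "suffix" returns noop for request 0
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched 00062518a9e6 at 247
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: performing user authorization for 00062518a9e6
rlm_ldap: object not found or got ambiguous search result
  modcall[authorize]: module "ldap" returns notfound for request 0
modcall: group authorize returns ok for request 0
"""

# Matches per-module result lines only, not the "group ... returns" summary.
MODCALL = re.compile(
    r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')

def module_results(log, section="authorize"):
    """Return {request_id: [(module, rcode), ...]} in call order."""
    results = {}
    for line in log.splitlines():
        m = MODCALL.search(line)
        if m and m.group(1) == section:
            results.setdefault(int(m.group(4)), []).append(
                (m.group(2), m.group(3)))
    return results

def redundant_lookups(log, first="files", later="ldap"):
    """List (request_id, later_rcode) where `first` matched (ok/updated)
    and `later` was still called afterwards in the same section."""
    hits = []
    for req, calls in sorted(module_results(log).items()):
        for i, (name, rcode) in enumerate(calls):
            if name == first and rcode in ("ok", "updated"):
                hits += [(req, rc) for n, rc in calls[i + 1:] if n == later]
                break
    return hits

if __name__ == "__main__":
    for req, rcode in redundant_lookups(SAMPLE):
        print(f"request {req}: files matched, ldap still queried ({rcode})")
```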
