Hello list,

I'm completely new to this field and to the concept of radius authentication. For the last 2 weeks I read tons of docs about this concept. I am confused. My task looks like a simple one:

- linux workstations running xsupplicant 1.0 (wired mode)
- windows XP and 2000 with 802.1x support
- cisco catalyst 3550 switch SMI license
- freeradius 1.0.1 that has to authenticate each workstation on the network when plugged into the switch based on their mac address.

Could someone point me to some comprehensive howtos about how I should configure freeradius to authenticate the clients based on their mac address with the catalyst in the middle?

I have compiled and installed freeradius with no errors. The configuration files are the default ones, with the following additions:

in clients.conf I have added

    192.168.10.10 {
        secret = 1234567
        shortname = ciscocatalyst
        nastype = cisco
    }

in users I have added

    someuser    Auth-Type := Local
                Service-Type = Framed-User

the cisco catalyst is configured for radius:

    aaa new-model
    aaa authentication dot1x default enable group radius
    radius-server host 192.168.10.217 auth-port 1812 acct-port 1813
    radius-server retransmit 3
    radius-server key 1234567
    !
    ! freeradius connected to FE 0/1
    !
    interface FastEthernet0/1
     switchport access vlan 100
     switchport mode access
     no cdp enable
     spanning-tree portfast
    !
    ! client connected to FE0/2
    !
    interface FastEthernet0/2
     switchport access vlan 100
     switchport mode access
     dot1x port-control auto

With radius running from the cmd line "radiusd -A -X" I get these messages on the screen and the client is never authenticated:

    rad_recv: Access-Request packet from host 192.168.10.10:1812, id=77, length=122
        NAS-IP-Address = 192.168.10.10
        NAS-Port-Type = Async
        User-Name = "someuser"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Calling-Station-Id = "00-10-a4-99-8c-c4"
        EAP-Message = 0x020000150159424e494e5445524e4154494f4e414c
        Message-Authenticator = 0x914c5e809544da2aacf9babe83e2542b
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 8
    modcall[authorize]: module "preprocess" returns ok for request 8
    modcall[authorize]: module "chap" returns noop for request 8
    modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "someuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
    modcall[authorize]: module "suffix" returns noop for request 8
    rlm_eap: EAP packet type response id 0 length 21
    rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
    modcall[authorize]: module "eap" returns updated for request 8
    users: Matched DEFAULT at 152
    users: Matched DEFAULT at 171
    users: Matched someuser at 219
    modcall[authorize]: module "files" returns ok for request 8
    modcall: group authorize returns updated for request 8
    rad_check_password: Found Auth-Type Local
    auth: type Local
    auth: No User-Password or CHAP-Password attribute in the request
    auth: Failed to validate the user.
    Delaying request 8 for 1 seconds
    Finished request 8
    Going to the next request
    --- Walking the entire request list ---
    Waking up in 1 seconds...
    --- Walking the entire request list ---
    Waking up in 1 seconds...
    --- Walking the entire request list ---
    Sending Access-Reject of id 77 to 192.168.10.10:1812
    Waking up in 4 seconds...
    --- Walking the entire request list ---
    Cleaning up request 8 ID 77 with timestamp 417fb130
    Nothing to do. Sleeping until we see a request.

For the above debug I used a linux workstation with its mac-address 00-10-a4-99-8c-c4.

Please help.

Kind Regards,
Adrian
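
Added example, not part of the original post: a Python script that parses the Access-Request attributes from the debug output above and decodes the EAP-Message header (layout per RFC 3748), showing which credential the request actually carries at the point where the log reports "No User-Password or CHAP-Password attribute". The function names are hypothetical; the sample attributes are copied from the post.

```python
import re

# Access-Request attributes copied from the radiusd -X output in the post.
SAMPLE = '''\
NAS-IP-Address = 192.168.10.10
NAS-Port-Type = Async
User-Name = "someuser"
Service-Type = Framed-User
Framed-MTU = 1500
Calling-Station-Id = "00-10-a4-99-8c-c4"
EAP-Message = 0x020000150159424e494e5445524e4154494f4e414c
Message-Authenticator = 0x914c5e809544da2aacf9babe83e2542b
'''

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}

def parse_attributes(text):
    """Turn 'Name = value' debug lines into a dict, stripping quotes."""
    attrs = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z0-9-]+)\s*=\s*(.+?)\s*$', line)
        if m:
            attrs[m.group(1)] = m.group(2).strip('"')
    return attrs

def decode_eap(hex_value):
    """Decode the 4-byte EAP header and, for Request/Response, the type byte."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4 or not 4 <= int.from_bytes(raw[2:4], "big") <= len(raw):
        raise ValueError("truncated or inconsistent EAP packet")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:   # only Request/Response carry a type
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:length]
    return pkt

def diagnose(attrs):
    """Report which credential, if any, the request offers the server."""
    has_pw = "User-Password" in attrs or "CHAP-Password" in attrs
    if "EAP-Message" in attrs and not has_pw:
        eap = decode_eap(attrs["EAP-Message"])
        return f"EAP {eap['code']}/{eap.get('type')} only; no password attribute to compare"
    return "password attribute present" if has_pw else "no credentials in request"

if __name__ == "__main__":
    attrs = parse_attributes(SAMPLE)
    print(decode_eap(attrs["EAP-Message"]))
    print(diagnose(attrs))
```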