Freeradius w/ mikrotik - blank password issue

Thu, 14 Jun 2007 10:40:38 -0700 

Hello everyone,

I have a problem I have worked on for a couple of days now and just can't get 
it to work. Searched the forum really good and actually found a fix for one 
issue I was having. I have also searched the Mikrotik forum as well as the web 
from one end to the other. Nothing seems to be able to answer this one 
question, though.

Here is the deal. I have a working FreeRadius server (latest version). It works 
with Mikrotik to authenticate with user name / password using PAP.

Mikrotik can authenticate by MAC address, but it's docs says it sends a blank 
password. What they also don't tell you in their weak documentation, is that 
the colons in the MAC address will foobar freeradius authentication. I fixed 
that problem by adding this to radiusd.conf:

attr_rewrite mac_colons {
                 attribute = User-Name
                 searchin = packet
                 searchfor = ":"
                 replacewith = ""
                 ignore_case = yes
                 new_attribute = no
                 max_matches = 10
                 append = no
         }

This appears to work fine. If someone would help me with this one last issue, I 
would be a happy camper.

The Mikrotik documentation (weak) says that it sends a "blank password" when 
authenticating by MAC. I have looked up one side and down the other, but I 
can't get FreeRadius to accept no password. I tried this, but it fails:

attr_rewrite blank_password {
                 attribute = User-Password
                 searchin = packet
                 searchfor = ""
                 replacewith = "password"
                 ignore_case = yes
                 new_attribute = no
                 max_matches = 10
                 append = no
         }

And then I added something like this to the "users" file: 00095B23389F    
User-Password := "password"


If there is a password, the above works. For instance, I can change "password" 
to "password1" using the above script, and it will authenticate. But if there 
is no password, it gets this error:

rlm_attr_rewrite: Could not find value pair for attribute User-Password

Well guys, I'm an extreme newbie with freeradius, but there has to be something 
I'm missing somewhere in order to authenticate by mac address through mikrotik. 
Other people are doing it. I'm just missing some little something somewhere, I 
know. I have also seen other wireless equipment that sends a blank password 
when authenticating by MAC...and people use freeradius with it. 

Any help would be greatly appreciated.

Thanks,

Jay Banks






 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to