I ran Freeradius in debug mode already to check this:

rad_recv: Access-Request packet from host 192.168.1.170 port 3098, id=201, length=286
        User-Name = "krijn"
        NAS-Identifier = "00-0b-6b-4f-80-65:isiline"
        NAS-IP-Address = 192.168.1.170
        NAS-Port = 5
        NAS-Port-Id = "ath0"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Framed-MTU = 1400
        Called-Station-Id = "00-0B-6B-4F-80-65:isiline"
        Calling-Station-Id = "00-0B-6B-D9-D0-14"
        Event-Timestamp = "Oct 4 2010 19:10:41 CEST"
        WISPr-Location-ID = "isocc=(null),cc=(null),ac=(null),network=(null)"
        WISPr-Location-Name = "(null),(null)"
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020100060319
        State = 0x697a4088697b55320faa946fa7f606af
        Message-Authenticator = 0x73ade7409a1c7def5027792de162bd0b

Kind regards,

Krijn Tanis
WiMood
Kerkstraat 8/10
3252 AX Goedereede
Tel.: +31 (0) 187 82 0204
Fax: +31 (0) 187 49 1596
Mob.: +31 (0) 6 10923259
Mail: i...@wimood.nl
Web: http://www.wimood.nl

-----Original Message-----
From: freeradius-users-bounces+krijntanis=wimood...@lists.freeradius.org
[mailto:freeradius-users-bounces+krijntanis=wimood...@lists.freeradius.org]
On Behalf Of Tim Sylvester
Sent: Monday, 4 October 2010 20:16
To: 'FreeRadius users mailing list'
Subject: RE: Check multiple attributes for one user

Run the server in debug mode (radiusd -X) and check the attributes sent by
the NAS. The NAS may not be sending the Calling-Station-Id or it may be in a
different format. Either way, the debug output is going to give you more
information.

Tim

> -----Original Message-----
> From: freeradius-users-bounces+tim.sylvester=networkradius....@lists.freeradius.org
> [mailto:freeradius-users-bounces+tim.sylvester=networkradius....@lists.freeradius.org]
> On Behalf Of Krijn Tanis | WiMood
> Sent: Monday, October 04, 2010 10:59 AM
> To: freeradius-users@lists.freeradius.org
> Subject: Check multiple attributes for one user
>
> Hello all,
>
> For a project I am working on 802.1x WPA-EAP authentication and for
> this I use a Freeradius server. This part of authentication works
> perfect.
>
> Now I also want to check the Calling-Station-Id for the user, in this
> case it is MAC address of the wireless client. I want this because I
> want to allow the user to connect only from one MAC address (else user
> is able to use another device that is not in our control, I want to
> prevent this). So I want to check the Password and Calling-Station-Id
> in one and the same Access Request. If both match an Access-Accept is
> sent, in all other cases (when password or Calling-Station-Id do not
> match for the user) an Access-Reject.
>
> I tried to do this:
>
> +----+----------------+--------------------+------------------+------+
> | id | UserName       | Attribute          | Value            | Op   |
> +----+----------------+--------------------+------------------+------+
> |  1 | krijn          | Calling-Station-Id | 00-0B-6B-D9-D0-14| ==   |
> |  2 | krijn          | Cleartext-Password | test123          | :=   |
>
> But this doesn't work, the user is rejected. Can somebody point me
> into the right direction?
>
> Kind regards,
>
> Krijn Tanis
> WiMood
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
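
Added example (not part of the original thread and not FreeRADIUS code): a small Python check for the two cases Tim mentions, comparing the attributes in the debug dump with the "==" rows in radcheck and reporting whether an attribute is missing or only differs in MAC format. The function names are hypothetical, the debug excerpt is constructed from the dump in the thread, and the comparison is assumed to be a literal string match.

```python
import re

# Constructed excerpt of the Access-Request dump quoted in the thread.
DEBUG = '''rad_recv: Access-Request packet from host 192.168.1.170 port 3098, id=201, length=286
        User-Name = "krijn"
        NAS-Port-Type = Wireless-802.11
        Calling-Station-Id = "00-0B-6B-D9-D0-14"
'''

# The radcheck rows from the thread: (UserName, Attribute, Value, Op).
RADCHECK = [
    ("krijn", "Calling-Station-Id", "00-0B-6B-D9-D0-14", "=="),
    ("krijn", "Cleartext-Password", "test123", ":="),
]

ATTR_RE = re.compile(r'^\s+([A-Za-z0-9-]+) = (.*)$')

def parse_request(text):
    """Return {attribute: value} for the indented 'Name = value' lines."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2).strip().strip('"')
    return attrs

def mac_key(value):
    """Reduce a MAC to 12 lowercase hex digits, or None if it is not one."""
    digits = re.sub(r'[^0-9A-Fa-f]', '', value).lower()
    return digits if len(digits) == 12 else None

def check_items(request, rows, user):
    """Classify every '==' check item for `user` against the request."""
    report = {}
    for name, attr, expected, op in rows:
        if name != user or op != "==":
            continue  # ':=' rows set control items, they are not compared
        sent = request.get(attr)
        if sent is None:
            report[attr] = "missing"            # NAS did not send it
        elif sent == expected:
            report[attr] = "match"              # literal match (assumed semantics)
        elif mac_key(sent) and mac_key(sent) == mac_key(expected):
            report[attr] = "format-mismatch"    # same MAC, different notation
        else:
            report[attr] = "mismatch"
    return report

if __name__ == "__main__":
    print(check_items(parse_request(DEBUG), RADCHECK, "krijn"))
```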