Re: MAC Auth. for Orinoco AP-1000 not working (log attached)
You are right Mark, I have made the users only in users file and not anywhere else. -Shahid [EMAIL PROTECTED] wrote: 30-Jan-03 at 14:20, Shahid M. Bhatti ([EMAIL PROTECTED]) wrote : Hi, I'm trying to authenticate Wireless Access Point of Orinoco/Lucent/Avaya/Agere/Proxim with Free Radius server. I've made the user as AP's MAC address in /etc/raddb/users file and conf file, but when I start the radius server in debig mode I get the following messages which I have attached below. Please have a look at it and help me in figuring out what should I do? Thanks a bunch. If I am reading this right, you said that you put the MAC addresses of the AP's in the conf file. Which conf file? The only place that the MAC addresses should be is in the /etc/raddb/users file. In your clients.conf you should have the IP addresses and passwords for your APs. Your MAC addresses and such should also be at the end of your users file. Other than that, there really isn't much more to it. Mark Capelle - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Auth. for Orinoco AP-1000 not working (log attached)
That's true, and that's why I have included the MAC address of the Access Point and the Wireless PC Card both in the "users" file like this: #Access Point 3152C 00022d-191cb3 Auth-Type = Local, User-Password == "testing123" Service-Type = Framed-User, #PC Card Orinoco Gold (Test Laptop) 00022d-677c37 Auth-Type = Local, User-Password == "testing123" Service-Type = Framed-User, On Fri, 31 Jan 2003, Evren Yurtesen wrote: > well it is sending mac address as username, > you should perhaps set the usernames in users file as mac addresses. > what do you have in users file now? > > Evren > > On Thu, 30 Jan 2003, Shahid M. Bhatti wrote: > > > Hi, > > I'm trying to authenticate Wireless Access Point of > > Orinoco/Lucent/Avaya/Agere/Proxim with Free Radius server. I've made the > > user as AP's MAC address in /etc/raddb/users file and conf file, but when > > I start the radius server in debig mode I get the following messages which > > I have attached below. Please have a look at it and help me in figuring > > out what should I do? Thanks a bunch. > > > > -Shahid > > > > Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on > > 1814/udp. > > Ready to process requests. > > rad_recv: Access-Request packet from host 128.111.20.96:192, id=1, > > length=59 > > NAS-IP-Address = 128.111.20.96 > > User-Name = "00022d-677c37" > > User-Password = "testing123" > > modcall: entering group authorize > > modcall[authorize]: module "preprocess" returns ok > > rlm_chap: Could not find proper Chap-Password attribute in request > > modcall[authorize]: module "chap" returns noop > > modcall[authorize]: module "mschap" returns notfound > > rlm_realm: No '@' in User-Name = "00022d-677c37", looking up realm > > NULL > > rlm_realm: No such realm NULL > > modcall[authorize]: module "suffix" returns noop > > users: Matched DEFAULT at 162 > > modcall[authorize]: module "files" returns ok > > modcall: group authorize returns ok > > rad_check_password: Found Auth-Type System > > auth: type "System" > > modcall: entering group authenticate > > modcall[authenticate]: module "unix" returns notfound > > modcall: group authenticate returns notfound > > auth: Failed to validate the user. > > Delaying request 0 for 1 seconds > > Finished request 0 > > Going to the next request > > --- Walking the entire request list --- > > Waking up in 1 seconds... > > rad_recv: Access-Request packet from host 128.111.20.96:192, id=1, > > length=59 > > Sending Access-Reject of id 1 to 128.111.20.96:192 > > --- Walking the entire request list --- > > Waking up in 5 seconds... > > --- Walking the entire request list --- > > Cleaning up request 0 ID 1 with timestamp 3e39a2f4 > > Nothing to do. Sleeping until we see a request. > > > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MAC Auth. for Orinoco AP-1000 not working (log attached)
Hi, I'm trying to authenticate Wireless Access Point of Orinoco/Lucent/Avaya/Agere/Proxim with Free Radius server. I've made the user as AP's MAC address in /etc/raddb/users file and conf file, but when I start the radius server in debig mode I get the following messages which I have attached below. Please have a look at it and help me in figuring out what should I do? Thanks a bunch. -Shahid Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 128.111.20.96:192, id=1, length=59 NAS-IP-Address = 128.111.20.96 User-Name = "00022d-677c37" User-Password = "testing123" modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module "chap" returns noop modcall[authorize]: module "mschap" returns notfound rlm_realm: No '@' in User-Name = "00022d-677c37", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched DEFAULT at 162 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type "System" modcall: entering group authenticate modcall[authenticate]: module "unix" returns notfound modcall: group authenticate returns notfound auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 128.111.20.96:192, id=1, length=59 Sending Access-Reject of id 1 to 128.111.20.96:192 --- Walking the entire request list --- Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 3e39a2f4 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Which takes priority? MAC ACL or Radius on Orinoco AP-1000
Hi, I am trying to implement MAC based authentication with the (Lucent)Orinoco's wireless access point AP-1000 and the FreeRadius here. Now if you own an AP-1000 you might be aware that there you can do either MAC filtering and/or Radius based authentication on that AP. So my question is that which takes priority out of the two methods when we have enabled both of them at the same time on this access point? Second question is that now that I'm interested in doing Radius based authentication only so in what state should the MAC access control table should be? because if you notice you can only "Delete All" MAC addresses from the MAC authentication table but you cannot say to block all of them! Thanks in advance for all your help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MAC auth. for Orinoco wireless APs not working?
Hi gurus,
I am trying to implement mac address authentication on Lucent Orinoco's
wireless access points AP-1000 which have Radius capability already built in
them. I have made the wireless access point as the client of radius in the
/etc/raddb/clients.conf file say like this:
client 128.111.20.0/24 {
secret = testing123
shortname = CS Test
}
After this I made the wireless access point's wireless eth card int. as a
user in /etc/raddb/users file like this:
#Access Point 3152C
00022d-0302b0 Auth-Type = Local, User-Password == "testing123"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 128.111.20.96,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP
After this I made the wireless clients mac addresses as users in the same
file in a similar manner as above.
But this doesn't work unfortunately! The wireless client (which is actually
a Laptop with Orinoco Silver PC card cannot talk to the network. This
essentially means that the radius server is not authenticating this client.
I can say this because the Laptop can ping the IP address of the wireless AP
but it cannot ping anywhere else.
I am wondering if the format of my /etc/raddb/clients.conf file is correct
or not? Because I have not found any formal syntax for this file anywhere.
Please have a look at my files format as I have given above and tell me if
this is correct or not? I will be thankful for all your help.
-SMB
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Format of clients.conf for MAC authentication ?
Hi, If anybody has used FreeRADIUS for MAC address authentication with any NAS, may I please ask for the clients.conf file for this? Actually my setup is not working and I was wondering if my file format of/etc/raddb/clients.conf is alright or not? I have installed FreeRadius on Linux Red Hat 7.3. And I am trying to do MAC address authentication for Lucent Orinoco's Silver PCMCIA wireless ethernet cards. Thanks in advance for the help. -SMB - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
