Re: FR and Orinoco AP-2000 Problem
Upgrade to firmware version 2.3.1. It sounds like you're using firmware version 2.2.2 which had the problem you describe. --Mike On Thu, 2003-10-09 at 13:16, Joe Antkowiak wrote: Hi, I'm stumped. We have a few orinico AP-2000's that we're trying to set up mac-address control through radius. The authentication works fine. The shared secrets are correct, everything's configured right, etc... Accounting, however, doesn't. When freeradius 0.9.1 (and 0.9.0) receives an accounting request from any AP2000, it complains that the shared secret is not the same, and rejects it. Now, I've read all the e-mails I could find about this, and I've tried all kinds of things, and I still can't get it to work, with freeradius. On an off chance, I tried it with cistron radius instead, with basicly the same exact configuration, and wa-la, everything works! This is the account record that the AP sends back to radius (as recorded by cistron): Thu Oct 9 14:06:52 2003 User-Name = 00-0c-41-0c-f3-ea Acct-Session-Id = 00-0c-41-0c-f3-ea NAS-Identifier = wolfe-ap1 NAS-IP-Address = 66.92.46.190 NAS-Port = 2 NAS-Port-Type = 19 Acct-Authentic = RADIUS Acct-Status-Type = Start Client-IP-Address = 66.92.46.190 Timestamp = 1065722812 Request-Authenticator = Unverified I did however notice the following statistics on the orinoco: Primary Authentication Server Access Requests 1 Access Accepts 1 Access Retransmissions 3 Access Rejects 0 Access Challenges 0 Malformed Access Responses 0 Authentication Bad Authenticators 1 ? Timeouts 3 Primary Accounting Server Accounting Requests 1 Accounting Retransmissions 0 Accounting Responses 1 Accounting Bad Authenticators 1 ? And any password being passed to radius comes back in a jumbled string of letters and numbers, about 50 characters long. This is my freeradius config: clients: 66.92.46.190 ss clients.conf: client 66.92.46.190 { secret = ss nastype = portslave shortname = wolfe1-ap1 } naslist: 66.92.46.190wolfe1-ap1 portslave Anyone have any ideas? I'd really like to use freeradius, I want mysql. Thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --Mike --- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR and Orinoco AP-2000 Problem
You do have your ssecret set the same in *both* the radacctable and radiustbl, right? --Mike On Thu, 2003-10-09 at 14:24, Joe Antkowiak wrote: I am using 2.3.1 =( AP-2000 v2.3.1(554) Do I need a new 2.3.1 build? Upgrade to firmware version 2.3.1. It sounds like you're using firmware version 2.2.2 which had the problem you describe. --Mike On Thu, 2003-10-09 at 13:16, Joe Antkowiak wrote: Hi, I'm stumped. We have a few orinico AP-2000's that we're trying to set up mac-address control through radius. The authentication works fine. The shared secrets are correct, everything's configured right, etc... Accounting, however, doesn't. When freeradius 0.9.1 (and 0.9.0) receives an accounting request from any AP2000, it complains that the shared secret is not the same, and rejects it. Now, I've read all the e-mails I could find about this, and I've tried all kinds of things, and I still can't get it to work, with freeradius. On an off chance, I tried it with cistron radius instead, with basicly the same exact configuration, and wa-la, everything works! This is the account record that the AP sends back to radius (as recorded by cistron): Thu Oct 9 14:06:52 2003 User-Name = 00-0c-41-0c-f3-ea Acct-Session-Id = 00-0c-41-0c-f3-ea NAS-Identifier = wolfe-ap1 NAS-IP-Address = 66.92.46.190 NAS-Port = 2 NAS-Port-Type = 19 Acct-Authentic = RADIUS Acct-Status-Type = Start Client-IP-Address = 66.92.46.190 Timestamp = 1065722812 Request-Authenticator = Unverified I did however notice the following statistics on the orinoco: Primary Authentication Server Access Requests 1 Access Accepts 1 Access Retransmissions 3 Access Rejects 0 Access Challenges 0 Malformed Access Responses 0 Authentication Bad Authenticators 1 ? Timeouts 3 Primary Accounting Server Accounting Requests 1 Accounting Retransmissions 0 Accounting Responses 1 Accounting Bad Authenticators 1 ? And any password being passed to radius comes back in a jumbled string of letters and numbers, about 50 characters long. This is my freeradius config: clients: 66.92.46.190 ss clients.conf: client 66.92.46.190 { secret = ss nastype = portslave shortname = wolfe1-ap1 } naslist: 66.92.46.190wolfe1-ap1 portslave Anyone have any ideas? I'd really like to use freeradius, I want mysql. Thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --Mike --- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --Mike --- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR and Orinoco AP-2000 Problem
I'm not using mysql yet... I have the same ssecret set the same in clients, clients.conf, and naspasswd. I also tried just setting it in clients.conf. You do have your ssecret set the same in *both* the radacctable and radiustbl, right? --Mike On Thu, 2003-10-09 at 14:24, Joe Antkowiak wrote: I am using 2.3.1 =( AP-2000 v2.3.1(554) Do I need a new 2.3.1 build? Upgrade to firmware version 2.3.1. It sounds like you're using firmware version 2.2.2 which had the problem you describe. --Mike On Thu, 2003-10-09 at 13:16, Joe Antkowiak wrote: Hi, I'm stumped. We have a few orinico AP-2000's that we're trying to set up mac-address control through radius. The authentication works fine. The shared secrets are correct, everything's configured right, etc... Accounting, however, doesn't. When freeradius 0.9.1 (and 0.9.0) receives an accounting request from any AP2000, it complains that the shared secret is not the same, and rejects it. Now, I've read all the e-mails I could find about this, and I've tried all kinds of things, and I still can't get it to work, with freeradius. On an off chance, I tried it with cistron radius instead, with basicly the same exact configuration, and wa-la, everything works! This is the account record that the AP sends back to radius (as recorded by cistron): Thu Oct 9 14:06:52 2003 User-Name = 00-0c-41-0c-f3-ea Acct-Session-Id = 00-0c-41-0c-f3-ea NAS-Identifier = wolfe-ap1 NAS-IP-Address = 66.92.46.190 NAS-Port = 2 NAS-Port-Type = 19 Acct-Authentic = RADIUS Acct-Status-Type = Start Client-IP-Address = 66.92.46.190 Timestamp = 1065722812 Request-Authenticator = Unverified I did however notice the following statistics on the orinoco: Primary Authentication Server Access Requests 1 Access Accepts 1 Access Retransmissions 3 Access Rejects 0 Access Challenges 0 Malformed Access Responses 0 Authentication Bad Authenticators 1 ? Timeouts 3 Primary Accounting Server Accounting Requests 1 Accounting Retransmissions 0 Accounting Responses 1 Accounting Bad Authenticators 1 ? And any password being passed to radius comes back in a jumbled string of letters and numbers, about 50 characters long. This is my freeradius config: clients: 66.92.46.190 ss clients.conf: client 66.92.46.190 { secret = ss nastype = portslave shortname = wolfe1-ap1 } naslist: 66.92.46.190wolfe1-ap1 portslave Anyone have any ideas? I'd really like to use freeradius, I want mysql. Thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --Mike --- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --Mike --- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html