Re: MAC Authentication with FreeRadius
Your guess is correct. I really hope that's the only thing wrong with the config. I'll try it as soon as I have access to the server. Thanks.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Authentication with FreeRadius
On 28 Feb 2013, at 10:02, Bouchra Badri wrote:

> Hello,
> Sorry to bring this up again.
> I tried to do as you said, and added this line :
> VMPS-VLAN-Name = "%{sql:select radius.maclist.vlanname from radius.maclist where radius.maclist.mac='%{VMPS-Mac}'}"
> as well as this one : $INCLUDE /etc/raddb/sql.conf ( don't know why, just told myself it made sense if I want the above line to be queried)
> I took the vmps file to sites-enabled so it runs as a virtual server.
> I followed just what I needed from this link http://wiki.freeradius.org/guide/SQL%20HOWTO to create the database and grant privileges...
> However when I run radiusd I get this ( in the image)
> I know it's probably elementary, but it's that English isn't my forte so I don't get what the debug says or why

At a guess I'd say you're not using the SQL module anywhere else in the server, and you need to add it to radiusd.conf in instantiate so it actually gets loaded...
Re: MAC Authentication with FreeRadius
Great. Thank you good sir.
Re: MAC Authentication with FreeRadius
Hi,

>Yes, of course I'll have to use a Radius server, and many forums say that
>if you put the Mac address in both username and password, it will
>authenticate if - in the switch - you use Mab... And that's exactly what I
>tried to do, but it did not authenticate... Am I doing sth wrong?

you need to check the format that the requests come through as, basically you need to just ACCEPT on that user-name

>So correct me if I'm wrong : I'll have to uncomment the mac2vlan on vmps
>file, add MAC-ADD,VLAN-NAME to mac2vlan, change the listening port to 1598
>and the auth type to vmps on radiusd.conf, and that's that?
>It's just that... I don't exactly see how dynamic vlan assignment works if
>you only use a flat list, vmps only shows how to query the DB..

you don't need to change any listener etc in radiusd.conf - there is a VMPS virtual-server you need to activate. THAT has the listening port.

if you want to use eg dynamic VLAN assignments then you need to do the clever stuff in the database. in the same vmps virtual server you will see an 'example' in the update reply{} section - commented out by default

#VMPS-VLAN-Name = "%{sql:select ... where mac='%{VMPS-Mac}'}"

so, if a MAC has been banned, you ensure its eg 'vlan' value is changed in your DB so the query will return.

we don't use this method, instead we call a PERL module which has all of our logic/checks/bans etc in it - this was originally migrated from openvmpsd (which was a good system but not multi-threaded and couldn't handle eg simultaneous queries from 48 port switches... VMPS is dumb it just updates ALL ports unlike MAB/802.1X which are on separate timers). when FR supported VMPS I got very excited...and we migrated overnight

alan
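An added example, not part of the thread and not FreeRADIUS code: a Python model of the MAC-to-VLAN lookup discussed in the message above, showing why the format the MAC arrives in matters and how changing a row's VLAN moves a banned MAC. The `maclist(mac, vlanname)` table follows the query quoted in the thread; the sample rows, the `quarantine` VLAN name and all function names are assumptions.

```python
import re
import sqlite3

QUARANTINE_VLAN = "quarantine"  # hypothetical VLAN name for banned MACs

# Constructed sample rows, deliberately stored in two different notations.
SAMPLE_ROWS = [("00:11:22:AA:BB:CC", "staff"), ("0011.22aa.bbdd", "printers")]


def normalize_mac(raw):
    """Reduce colon, dash, dot or bare notation to 12 lowercase hex digits.

    Returns None for anything that is not a MAC, so malformed input never
    reaches the database.
    """
    digits = re.sub(r"[-:.]", "", raw.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def build_db(rows):
    """Create an in-memory maclist table with MACs stored in one canonical form."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE maclist (mac TEXT PRIMARY KEY, vlanname TEXT NOT NULL)")
    db.executemany("INSERT INTO maclist VALUES (?, ?)",
                   [(normalize_mac(mac), vlan) for mac, vlan in rows])
    return db


def vlan_for(db, raw_mac):
    """Return the VLAN name for a MAC, or None if unknown or malformed."""
    mac = normalize_mac(raw_mac)
    if mac is None:
        return None
    # Bound parameter: the MAC is data, never part of the SQL text.
    row = db.execute("SELECT vlanname FROM maclist WHERE mac = ?", (mac,)).fetchone()
    return row[0] if row else None


def ban(db, raw_mac):
    """Ban a MAC by changing its VLAN value, as described in the thread."""
    db.execute("UPDATE maclist SET vlanname = ? WHERE mac = ?",
               (QUARANTINE_VLAN, normalize_mac(raw_mac)))


if __name__ == "__main__":
    db = build_db(SAMPLE_ROWS)
    for mac in ("001122aabbcc", "00-11-22-aa-bb-dd", "de:ad:be:ef:00:01"):
        print(mac, "->", vlan_for(db, mac))
    ban(db, "0011.22AA.BBCC")
    print("after ban:", vlan_for(db, "00:11:22:aa:bb:cc"))
```

Without the normalization step, a switch that sends `001122aabbcc` would never match a row stored as `00:11:22:AA:BB:CC`, which looks identical to an unknown MAC from the server's side.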
Re: MAC Authentication with FreeRadius
Hello, thanks for the quick answer

> Cisco MAB is a *method* you configure on the switch. it still needs a backend
> to send the request to - eg a RADIUS server

Yes, of course I'll have to use a Radius server, and many forums say that if you put the Mac address in both username and password, it will authenticate if - in the switch - you use Mab... And that's exactly what I tried to do, but it did not authenticate... Am I doing sth wrong?

> the example VMPS stuff provided gives a clear start. you can either have a flat list
> of MACs or stick them into a DB and have the VMPS module query the DB.

So correct me if I'm wrong : I'll have to uncomment the mac2vlan on vmps file, add MAC-ADD,VLAN-NAME to mac2vlan, change the listening port to 1598 and the auth type to vmps on radiusd.conf, and that's that?

It's just that... I don't exactly see how dynamic vlan assignment works if you only use a flat list, vmps only shows how to query the DB..

Thank you Alan.
Re: MAC Authentication with FreeRadius
Hi,

>1 - I was wondering if going through the tuto in wiki.freeradius is
>necessary to be able to authenticate using the mac address ?
>For one, that rewrite_calling_station_id generates an error at the run of
>freeradius, plus I've seen some tutos that say that cisco Mac-auth-Bypass
>can do the trick...

Cisco MAB is a *method* you configure on the switch. it still needs a backend to send the request to - eg a RADIUS server

>2 - I can probably do it using the vmps and mac2vlan files supplied by
>FreeRad, but in mac2vlan they say that radiusd.conf shows how to use it in
>detail, but that's not the case !
>So can you please provide a clear tutorial on how to use vmps with
>freeradius?

the example VMPS stuff provided gives a clear start. you can either have a flat list of MACs or stick them into a DB and have the VMPS module query the DB.

alan
MAC Authentication with FreeRadius
Hi,

1 - I was wondering if going through the tuto in wiki.freeradius is necessary to be able to authenticate using the mac address ? For one, that rewrite_calling_station_id generates an error at the run of freeradius, plus I've seen some tutos that say that cisco Mac-auth-Bypass can do the trick... Can you confirm it please? Because it doesn't work either :(

2 - I can probably do it using the vmps and mac2vlan files supplied by FreeRad, but in mac2vlan they say that radiusd.conf shows how to use it in detail, but that's not the case ! So can you please provide a clear tutorial on how to use vmps with freeradius?

Thank you !