Hi, I've set up two different Linux machines with FR and still can't get MAC
authentication working with Calling-Station-Id in the radchk table. I've
checked the FAQ and have googled for hours. I've tried a hosted and a local
MySQL server.
Right now I'm using FR 2.1.1 on openSUSE. I didn't install freeradius-mysql
on this new Linux machine, because I can't find it. However, I can still do
802.1X/PEAP authentication against my MySQL DB if I don't have the
Calling-Station-Id entry in the radchk table.
I can't get SQL xlat to work in the Clients file either.
I appreciate your help! Thanks!
Associated entries in the radchk table:
DEFAULT Fall-Through = yes
ege...@skynets Cleartext-Password:=
ege...@skynets Calling-Station-Id == 00-1C-B3-B1-3E-07 (if I remove this entry, I can get authenticated)
Here's most of the debug:
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} -> ege...@skynets
[sql] sql_set_user escaped user --> 'ege...@skynets'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'ege...@skynets' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'ege...@skynets' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'ege...@skynets' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 190 to 192.168.0.1 port 41576
EAP-Message = 0x016600061920
Message-Authenticator = 0x
State = 0x887600b0881019123d77eed9ad3cef65
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=191, length=230
User-Name = "ege...@skynets"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x887600b0881019123d77eed9ad3cef65
EAP-Message =
0x0266007d19800073160301006e016a030149d245f8cc2cbd4fe33cdb07dc35b6c8
7acfcc21da980a70fa466c6e819bf49118002f00350005000ac009c00ac013c014003200
380013000401290013001101000e65676569657240736b796e657473000a00080006
001700180019000b00020100
Message-Authenticator = 0x15b99d469f497dd1de41e19b04d463d9
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "skynets" for User-Name = "ege...@skynets"
[suffix] No such realm "skynets"
++[suffix] returns noop
[eap] EAP packet type response id 102 length 125
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 115
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 006e], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 191 to 192.168.0.1 port 41576
EAP-Message =
0x0167040019c0089b160301002a0226030149d245fcb6267b990aa260afc7ea5b36
69e5ee697512f85665761dad0e9b07762f00160301085e0b00085a0008570003a6308203
a2308202