Re: [RADIATOR] Cisco 5508 passing mac for mac auth

2015-02-18 Thread A . L . M . Buxey 
Hi,

>When using a Cisco Wireless controller I have mac delimiters and 3 modes
>of operation:
>- Other - (In the Radius Access Request with Mac Authentication Password
>is NOT sent.)
>- Free Radius - (In the Radius Access Request with Mac Authentication
>Password is controller's shared secret with radius server.)

huh?  FreeRADIUS quite happily takes Mac address with the MAC address as 
password...
in fact, you'd have to do quite a bit of work and ignore some key WIKI docs to 
make
that description above work! :/

> - Cisco ACS - (In the Radius Access Request with Mac Authentication
>password is client's MAC address.)

this one is what you want to use with RADIATOR (and FreeRADIUS ;-)) , then just 
list the
MAC addresses as username and as password in your "Users" file for that method 
(I assume
you'll have a seperate policy so call in this particular MAC list Users file 
for a handler
for that service.

alan
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Cisco 5508 passing mac for mac auth

2015-02-17 Thread Hugh Irvine 

Hello Gabe -

I would probably use the third mode with MAC address for both username and 
password.

If you are doing simple authentication (ie. not EAP), a simple AuthBy FILE 
clause will suffice.

Something like this:


…..



Filename %D/macaddresses.txt
AddToReply …..



…..


macaddress.txt would look something like this:

# macaddress.txt
# file containing MAC addresses for both username and password

c8:2a:14:50:13:22  Password = c8:2a:14:50:13:22

c8:2a:14:50:13:33  Password = c8:2a:14:50:13:33

c8:2a:14:50:13:44  Password = c8:2a:14:50:13:44

…..


If you have further questions please include a trace 4 debug showing what is 
happening.

regards

Hugh


> On 18 Feb 2015, at 12:34, Gabe Carmichael  wrote:
> 
> All,
> When using a Cisco Wireless controller I have mac delimiters and 3 modes of 
> operation:
> 
> - Other - (In the Radius Access Request with Mac Authentication Password is 
> NOT sent.)
> 
> - Free Radius - (In the Radius Access Request with Mac Authentication 
> Password is controller's shared secret with radius server.)
> 
>  - Cisco ACS - (In the Radius Access Request with Mac Authentication password 
> is client's MAC address.)
> 
> my question is, I am trying to get Radiator to auth by mac addresses in a 
> flat file. Which mode do I need to use, and how would I need it mod my config 
> file? Attached is a copy of my config. 
> 
> -- 
> Gabe Carmichael
> Systems Analyst - Networking/Email
> Lower Kuskokwim School District
> 907-543-4860
> LKSD Internal 4 digit dial - 4860
> Skype: gabes72riv
> g...@lksd.org
> 
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

[RADIATOR] Cisco 5508 passing mac for mac auth

2015-02-17 Thread Gabe Carmichael 
All,
When using a Cisco Wireless controller I have mac delimiters and 3 modes of
operation:

- Other - (In the Radius Access Request with Mac Authentication Password is
NOT sent.)

- Free Radius - (In the Radius Access Request with Mac Authentication
Password is controller's shared secret with radius server.)

 - Cisco ACS - (In the Radius Access Request with Mac Authentication
password is client's MAC address.)

my question is, I am trying to get Radiator to auth by mac addresses in a
flat file. Which mode do I need to use, and how would I need it mod my
config file? Attached is a copy of my config.

-- 

Gabe Carmichael
Systems Analyst - Networking/Email
Lower Kuskokwim School District
907-543-4860
LKSD Internal 4 digit dial - 4860
Skype: gabes72riv
g...@lksd.org 


macauth.cfg
Description: Binary data
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator