Hi there,
 
I'm trying to use FreeRadius 1.1.1 to authenticate MAC addresses from a Cisco Aironet 1231 wireless access point.
 
I have the perl module working, and it can compare a MAC address sent by the access point and return the Access-Accept message and the access point is all happy. This is done using the "return RLM_MODULE_OK" message.
 
However, returning an Access-Reject message ("return RLM_MODULE_REJECT") just makes the access point continually keep sending Access-Request messages every time an Access-Reject message is returned. Is this normal? I can't see it...
 
What I'm wanting to do is tell the access point that this MAC address is not valid, go away until it connects again...
 
Here is the Access-Reject message that I return:
rad_recv: Access-Request packet from host 172.20.1.201:1645, id=166, length=113
        User-Name = "009096beba0c"
        User-Password = "009096beba0c"
        Called-Station-Id = "0014.693c.6250"
        Calling-Station-Id = "0090.96be.ba0c"
        Service-Type = Login-User
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 665
        NAS-IP-Address = 172.20.1.201
        NAS-Identifier = "ap1"
perl_pool: item 0x97a51b0 asigned new request. Handled so far: 3
found interpetator at address 0x97a51b0
rlm_perl: RAD_REQUEST: NAS-Port-Type = Wireless-802.11
rlm_perl: RAD_REQUEST: Service-Type = Login-User
rlm_perl: RAD_REQUEST: Calling-Station-Id = 0090.96be.ba0c
rlm_perl: RAD_REQUEST: Called-Station-Id = 0014.693c.6250
rlm_perl: RAD_REQUEST: Client-IP-Address = 172.20.1.201
rlm_perl: RAD_REQUEST: User-Name = 009096beba0c
rlm_perl: RAD_REQUEST: NAS-Identifier = ap1
rlm_perl: RAD_REQUEST: User-Password = 009096beba0c
rlm_perl: RAD_REQUEST: NAS-Port = 665
rlm_perl: RAD_REQUEST: NAS-IP-Address = 172.20.1.201
rlm_perl: Added pair Password-Retry = 0
rlm_perl: Added pair Reply-Message = Sorry, no authentication
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0x97a51b0
Sending Access-Reject of id 166 to 172.20.1.201 port 1645
        Reply-Message = "Sorry, no authentication"
As you can see, I've added the Password-Retry option, but to no avail...
 
Can anyone shed any light on this?
 
Thanks,
Dave Smith
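
An added example, not part of the original post and not the poster's module: a MAC-allowlist hook for rlm_perl of the kind described above, which normalizes the two MAC formats visible in the debug output and requires User-Name and Calling-Station-Id to agree before accepting. The allowlist contents, the helper names normalize_mac and mac_decision, and the module being listed in the authenticate section are assumptions.

```perl
use strict;
use warnings;
use vars qw(%RAD_REQUEST %RAD_REPLY);

# rlm_perl return codes, as in the example.pl shipped with FreeRADIUS
use constant RLM_MODULE_REJECT => 0;
use constant RLM_MODULE_OK     => 2;

# Constructed allowlist for illustration; keys are 12 lowercase hex digits.
my %ALLOWED_MAC = map { $_ => 1 } qw(009096beba0c);

# Reduce "0090.96be.ba0c", "00:90:96:BE:BA:0C" or "009096beba0c" to one form.
# (hypothetical helper)
sub normalize_mac {
    my ($raw) = @_;
    return undef unless defined $raw;
    (my $hex = lc $raw) =~ s/[.:\-\s]//g;
    return $hex =~ /^[0-9a-f]{12}$/ ? $hex : undef;
}

# Decide from the request attributes alone; returns (code, reply message).
# (hypothetical helper)
sub mac_decision {
    my ($req) = @_;
    my $name    = normalize_mac($req->{'User-Name'});
    my $station = normalize_mac($req->{'Calling-Station-Id'});
    return (RLM_MODULE_REJECT, 'Malformed MAC address')
        unless defined $name && defined $station;
    # The request above carries the MAC in both attributes; require them to agree.
    return (RLM_MODULE_REJECT, 'User-Name does not match Calling-Station-Id')
        unless $name eq $station;
    return (RLM_MODULE_REJECT, 'Sorry, no authentication')
        unless $ALLOWED_MAC{$station};
    return (RLM_MODULE_OK, undef);
}

# Hook called by rlm_perl (assumed to be listed in the authenticate section).
sub authenticate {
    my ($code, $message) = mac_decision(\%RAD_REQUEST);
    $RAD_REPLY{'Reply-Message'} = $message if defined $message;
    return $code;
}

1;
```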
 