we are trying to add mac authentication to our wireless aps. radius request
comes in like so.
rad_recv: Access-Request packet from host 10.250.100.3:1038, id=119,
length=95
Service-Type = Framed-User
NAS-Port-Id = wlan1
User-Name = 00:0B:6B:56:1D:48
User-Password =
this looks great for my purpose as well thanks very much for your help
Alan,
The problem for me was that when the ldapsearch failed to find the MAC
address, freeradius didn't reject authorisation.
The solution for me, ( I'm sure the big boys can point out how it's
wrong ), was the following
Markus Krause wrote:
i am not sure if your approach could really fulfill my needs (no
redundancy, serving different types of requests) ... but i would
really like to know ;-)
Hmm.
Without more details it's difficult to say, but what you need does not
sound excessively difficult. At
Quoting Phil Mayers [EMAIL PROTECTED]:
Markus Krause wrote:
i am not sure if your approach could really fulfill my needs (no
redundancy, serving different types of requests) ... but i would
really like to know ;-)
Hmm.
Without more details it's difficult to say, but what you need does
Markus Krause wrote:
modules {
...
ldap LdapUser1 {
ldapserv1
}
ldap LdapUser2 {
ldapserv2
}
...
}
authorize {
...
Autz-Type LdapUser {
redundant {
LdapUser1
Quoting Phil Mayers [EMAIL PROTECTED]:
Markus Krause wrote:
modules {
...
ldap LdapUser1 {
ldapserv1
}
ldap LdapUser2 {
ldapserv2
}
...
}
authorize {
...
Autz-Type LdapUser {
redundant {
Markus Krause wrote:
but what if the Auth-Type is not set, for example in a perl module
(btw. how can i set the auth-type? that would solve my problem here!).
example:
we (will) have a wlan which can be used by all our users known in ldap
and we have additional accounts saved in sql,
Martin Whinnery wrote:
Markus Krause wrote:
Quoting Martin Whinnery [EMAIL PROTECTED]:
Hi.
Probly just me not understanding...
What I want is for our switches to only allow access to MAC addresses in
our LDAP database.
I don't want to store passwords on our LDAP host
Hi.
Probly just me not understanding...
What I want is for our switches to only allow access to MAC addresses in
our LDAP database.
I don't want to store passwords on our LDAP host entries.
I'm set up to check LDAP during authorisation, and it correctly returns
authorised / not authorised
Quoting Martin Whinnery [EMAIL PROTECTED]:
Hi.
Probly just me not understanding...
What I want is for our switches to only allow access to MAC addresses in
our LDAP database.
I don't want to store passwords on our LDAP host entries.
I'm set up to check LDAP during authorisation, and
Markus Krause wrote:
don't know if it is a good solution, but i just do this by setting the
following in radiusd.conf:
authenticate {
...
Auth-Type LdapMAC {
ok
}
...
}
the Auth-Type is set in users file depending on huntgroups:
DEFAULT Huntgroup-Name
Markus Krause wrote:
Quoting Martin Whinnery [EMAIL PROTECTED]:
Hi.
Probly just me not understanding...
What I want is for our switches to only allow access to MAC addresses in
our LDAP database.
I don't want to store passwords on our LDAP host entries.
I'm set up to check LDAP
Quoting Phil Mayers [EMAIL PROTECTED]:
Markus Krause wrote:
don't know if it is a good solution, but i just do this by setting the
following in radiusd.conf:
authenticate {
...
Auth-Type LdapMAC {
ok
}
...
}
the Auth-Type is set in users file depending on
Quoting Martin Whinnery [EMAIL PROTECTED]:
Thanks Markus,
the problem seems to be that the authorisation pass returns notfound,
whereas I want it to reject, as if it found an entry in LDAP without
the appropriate attribute.
Mart
Hi Mart,
ugh, you are of course right, i forgot on
14 matches