(RADIATOR) Tracking 802.1x access via postauth hook.

John McFadden dasjlm at uwo.ca
Wed Aug 20 12:08:52 CDT 2003 

I'd like to write an access audit trail to a database via a postauth 
hook and it looked good until but I tried
to use the calling_station_id attribute as the mac address.  

It shows up ok when I processing the anonymous id it but is blank when 
I'm processing the real userid.

I suspect it's because it's EAP and the tunnel is hiding the mac as the 
the Identifier is UNDEF as show it trace included at bottom of note.

Is this correct?

Is there another way to get the mac from the request or reply?

Any other suggestions?

Thanks in advance

John McFadden


Code:       Access-Request
Identifier: 22
Authentic:  .v<230>1<171><128>2<200><143><189>+<22>a<146><31>L
Attributes:
    User-Name = "anonymous"
    NAS-IP-Address = 129.100.182.17
    Called-Station-Id = "00a0f8a45f4a"
    Calling-Station-Id = "00022d23fa21"
    NAS-Identifier = "W1NSC211Cx.nsc.wireless.uwo.ca"
    NAS-Port = 29
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-IEEE-802-11
    EAP-Message = 
<2><238><0>G<21><128><0><0><0>=<23><3><1><0>8<153><23>\<193><11><181><177>Ssns<10><243><167><140>vD<213>&<143>a<131><4><230><148><213><247>a<26><13>60@<221>8_<167><1><149><243><179>!<168><218>s<27>C&<171><132><247><198>_x_<169>
    Message-Authenticator = 
v:`5<150><1><243><226><23><207><156>T[0<229><165>

Wed Aug 20 12:27:50 2003: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Wed Aug 20 12:27:50 2003: DEBUG:  Deleting session for anonymous, 
129.100.182.17, 29
Wed Aug 20 12:27:50 2003: DEBUG: Handling with Radius::AuthLDAP2: UwoLdap
Wed Aug 20 12:27:50 2003: DEBUG: Handling with EAP: code 2, 238, 71
Wed Aug 20 12:27:50 2003: DEBUG: Response type 21
Wed Aug 20 12:27:50 2003: DEBUG: EAP TTLS inner authentication request 
for dasjlm
Wed Aug 20 12:27:50 2003: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <172>[A<241>=<200><147>~<245><10><150>8<227>C<8><185>
Attributes:
    User-Name = "dasjlm"
    User-Password = "xxxxxxx"



===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list