(RADIATOR) Calling-Station and Called-Station ID Hook
hugh at open.com.au
Mon Feb 9 14:52:47 CST 2004
Hello Terry -
Please send us a copy when you are finished and we will consider adding
it to the "goodies".
thanks and regards
On 10 Feb 2004, at 06:18, Terry Simons wrote:
> I have been working on a hook for Radiator that fixes broken
> accounting that many Wireless Access Points seem to have.
> The problem is that many APs do not account the "Calling Station ID"
> and "Called Station ID" attributes when they send an accounting
> This is problematic for 802.1x authentications, because without that
> information it isn't possible to tie a MAC address of a user to an
> authentication attempt.
> This problem appears in the following APs:
> D-Link DWL 900AP+ (All versions)
> Proxim/Avaya (And likely all Agere-based derivitives... likely the HP
> models too) AP-2000.
> Cisco 1200 series (This problem doesn't seem to appear in the older
> VxWorks code, but we have seen it with certain versions of IOS, still
> The Proxim APs are braindead in that they use the Accounting Station
> ID to store the MAC address of the authenticated user. I think the
> appropriate behavior would be to also account Calling-Station-Id, but
> they do not.
> And likely many many others.
> My hook is based off of the eap_anon_hook.pl script, written by Mike
> My question is whether or not this might be useful for others in the
> Radiator community.
> This script should work for pretty much any AP that accounts, but
> doesn't account properly.
> I'm pretty new to this, so I don't know if I've done everything
> correctly, but I'd like to make it available for others.
> Is this something that might be interesting in the Radiator goodies
> I should be finished with the script this week, so if anyone is
> interested please let me know.
> - Terry
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
CATool: Private Certificate Authority for Unix and Unix-like systems.
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator