(RADIATOR) Calling-Station and Called-Station ID Hook

Hugh Irvine hugh at open.com.au
Mon Feb 9 14:52:47 CST 2004 

Hello Terry -

Please send us a copy when you are finished and we will consider adding 
it to the "goodies".

thanks and regards

Hugh


On 10 Feb 2004, at 06:18, Terry Simons wrote:

> Hi,
>
> I have been working on a hook for Radiator that fixes broken 
> accounting that many Wireless Access Points seem to have.
>
> The problem is that many APs do not account  the "Calling Station ID" 
> and "Called Station ID" attributes when they send an accounting 
> record.
>
> This is problematic for 802.1x authentications, because without that 
> information it isn't possible to tie a MAC address of a user to an 
> authentication attempt.
>
> This problem appears in the following APs:
>
> D-Link DWL 900AP+ (All versions)
> Proxim/Avaya (And likely all Agere-based derivitives... likely the HP 
> models too) AP-2000.
> Cisco 1200 series (This problem doesn't seem to appear in the older 
> VxWorks code, but we have seen it with certain versions of IOS, still 
> testing)
>
> The Proxim APs are braindead in that they use the Accounting Station 
> ID to store the MAC address of the authenticated user.  I think the 
> appropriate behavior would be to also account Calling-Station-Id, but 
> they do not.
>
> And likely many many others.
>
> My hook is based off of the eap_anon_hook.pl script, written by Mike 
> McCauley.
>
> My question is whether or not this might be useful for others in the 
> Radiator community.
>
> This script should work for pretty much any AP that accounts, but 
> doesn't account properly.
>
> I'm pretty new to this, so I don't know if I've done everything 
> correctly, but I'd like to make it available for others.
>
> Is this something that might be interesting in the Radiator goodies 
> directory?
>
> I should be finished with the script this week, so if anyone is 
> interested please let me know.
>
> - Terry
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list