(RADIATOR) How to differentiate between user auth and MAC address auth
Hugh Irvine
hugh at open.com.au
Thu Apr 14 17:22:22 CDT 2005
Hello Michael -
You will need to look at a trace 4 debug to see what is different
between the various requests.
regards
Hugh
On 14 Apr 2005, at 18:43, Michael Harlow wrote:
>
> Hi,
>
> I'm wondering if anyone knows how to differentiate between an access
> request from a wireless access point that is part of MAC address
> authentication for association, followed by the username
> authentication as part of TTLS/PAP. Both requests come from the same
> NAS client, with the same secret, and both are access request packets.
> I need to send the MAC address off to a mysql table for checking if it
> is registered, and usernames thru to an LDAP server.
>
> I have the LDAP/username part working, but I need to add the MAC
> address checking as well.
>
> Do I do some sort of fall-thru, checking the MySQL table first, then if
> not found try the LDAP server? Problem is, if a user were to enter
> their MAC address as their username in the 2nd part of the
> authentication, the TTLS-PAP would succeed too, by hitting in the MySQL
> table, and not looking in the LDAP system. Effectively I create
> passwordless accounts for each mac-address that could be used for both
> access requests.
>
> Any suggestions?
> Thanks, Michael
>
> -------------------------------------------------
> Michael Harlow Private Bag 69
> Network Engineer Hobart Tasmania 7001
> IT Resources Ph 03 6226 1812
> University of Tasmania Mob 0438 26 1812
> Michael.Harlow at utas.edu.au Fx 03 6226 7171
> -------------------------------------------------
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
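
Added example, not part of the original thread and not Radiator code: a small Python model of the routing problem raised in the question, comparing the fall-through design with routing by request kind. It assumes the AP sends the station MAC as User-Name with a matching Calling-Station-Id and no EAP-Message for MAC authentication, and that the server knows which requests it unwrapped from the TTLS tunnel; which attributes your AP really sends is what the trace 4 debug will show. All names and sample values are constructed.

```python
import re

def norm_mac(value):
    """Return 12 lowercase hex digits if value is MAC-shaped, else None."""
    s = re.sub(r"[-:.]", "", value or "").lower()
    return s if re.fullmatch(r"[0-9a-f]{12}", s) else None

def ldap_ok(req, ldap_users):
    """Stand-in for the LDAP check: user must exist and password must match."""
    user = req.get("User-Name")
    return user in ldap_users and ldap_users[user] == req.get("User-Password")

def classify(req, tunnelled):
    """tunnelled=True means the server unwrapped this request from TTLS."""
    if tunnelled:
        return "inner-pap"
    if "EAP-Message" in req:
        return "outer-eap"
    mac = norm_mac(req.get("User-Name"))
    # Assumed AP behaviour: MAC auth sends the station MAC as User-Name.
    if mac and mac == norm_mac(req.get("Calling-Station-Id")):
        return "mac-auth"
    return "other"

def route_fallthrough(req, tunnelled, mac_table, ldap_users):
    """The fall-through from the question: MAC table first, then LDAP."""
    if norm_mac(req.get("User-Name")) in mac_table:
        return "accept"  # no password involved, whatever kind of request
    return "accept" if ldap_ok(req, ldap_users) else "reject"

def route_by_kind(req, tunnelled, mac_table, ldap_users):
    """Each request kind may only reach its own back end."""
    kind = classify(req, tunnelled)
    if kind == "mac-auth":
        hit = norm_mac(req["User-Name"]) in mac_table
        return "accept" if hit else "reject"
    if kind == "inner-pap":
        return "accept" if ldap_ok(req, ldap_users) else "reject"
    return "eap" if kind == "outer-eap" else "reject"

# Constructed sample data, not taken from a real trace.
MAC_TABLE = {"001122aabbcc"}
LDAP_USERS = {"alice": "correct-horse"}
MAC_REQ = {"User-Name": "00-11-22-AA-BB-CC", "Calling-Station-Id": "00:11:22:AA:BB:CC"}
INNER_MAC = {"User-Name": "001122aabbcc", "User-Password": "x"}
INNER_USER = {"User-Name": "alice", "User-Password": "correct-horse"}
```

With the fall-through, the tunnelled request INNER_MAC is accepted without a password; with routing by kind it is rejected, while MAC_REQ and INNER_USER are still accepted.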