(RADIATOR) Cisco WLAN, LDAP OS X

Hugh Irvine hugh at open.com.au
Sun Feb 27 04:07:26 CST 2005


Hello Urs -

You will find some example EAP configuration files in 
"goodies/eap_*.cfg", including one that supports multiple EAP methods.

I will need to see a trace 4 debug showing what is happening to be able 
to say much more.

For the VLAN-ID you should use an AddToReply with the appropriate reply 
attribute for your access point.

regards

Hugh


On 27 Feb 2005, at 10:20, Urs Landis wrote:

> Hi all
>
> I am trying to make a config for:
> A WLAN client connects to a Cisco access point, which connects to 
> Radiator.
> Radiator should do:
> 1. Check mac-address against a local list,
> 2. Check username and password against a Mac OS X LDAP server
> 3. Feedback to the access point with VLAN-ID (not yet implemented in 
> my config, how can I do that?)
>
> And this should work with TTLS, LEAP, ....  (in my config now just 
> TTLS)
>
> Till now the local test tool works with the LDAP server and the 
> MAC address test, but it doesn't work with the WLAN clients
>
>
> I copied my config, what is missing in that?
>
>
> best regards
>
>
>
> Urs Landis
> ICT
> Kantonsschule
> Hohe Promenade
> Promenadengasse 11
> CH-8001 Zürich
>
>
> Config:
> Foreground
> LogStdout
> LogDir          /var/log/radius
> DbDir           /etc/radiator
>
> # Use a lower trace level in production systems:
> Trace           4
>
> <Client DEFAULT>
>         Secret  xyxyxyxxy
>         DupInterval 0
> </Client>
>
> <AuthBy FILE>
>         Identifier CheckMACAddress
>         Filename %D/addresses.mac
>         AuthenticateAttribute Calling-Station-Id
>         EAPType TTLS
>         EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>         EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>         EAPTLS_CertificateType PEM
>         EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>         EAPTLS_PrivateKeyPassword whatever
>         EAPTLS_MaxFragmentSize 1000
>         AutoMPPEKeys
> </AuthBy>
>
> <AuthBy LDAP2>
>         Identifier CheckLDAP
>         Host            xxx.yyy.xxx.yyy
>         BaseDN          dc=yyyyy, dc=xxx
>         Version         3
>         UsernameAttr    uid
>         ServerChecksPassword
>         SearchFilter (&(uid=%1)(buildingName=WLAN))
> </AuthBy>
> <Handler DEFAULT>
>         AuthBy CheckMACAddress
> </Handler>
>
>
>
> Kind regards
>
>
> Urs Landis
> ICT
> Kantonsschule
> Hohe Promenade
> Promenadengasse 11
> CH-8001 Zürich
> Tel: 044 - 268 36 29
> Nat: 079 - 400 40 01
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: I am travelling this week, so there may be delays in our 
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
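
Added example, not part of the original thread and not the Radiator project's own configuration: one way the AddToReply mentioned in the reply can carry a VLAN ID, assuming the access point accepts the RFC 3580 tunnel attributes. The VLAN ID 10, the tag 1, the value names VLAN and Ether_802 (assumed to be present in the Radiator dictionary in use) and the placement in the poster's CheckMACAddress clause are all assumptions.

```conf
# Added example: return a fixed VLAN in the Access-Accept.
# Assumptions (not from the thread): VLAN ID 10, tag 1, and an access
# point that honours the RFC 3580 tunnel attributes.
<AuthBy FILE>
        Identifier CheckMACAddress
        Filename %D/addresses.mac
        AuthenticateAttribute Calling-Station-Id
        # EAP parameters as in the posted clause go here, unchanged.

        # RFC 3580 VLAN assignment uses three attributes grouped by a
        # common tag: Tunnel-Type VLAN (13), Tunnel-Medium-Type 802 (6)
        # and the VLAN ID as a string in Tunnel-Private-Group-ID.
        # AddToReply only takes effect when this clause accepts the
        # request, so a rejected client never receives a VLAN.
        AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:10
</AuthBy>
```

With Trace 4 set as in the posted config, the three attributes should be visible in the logged Access-Accept, which is the place to confirm what the access point actually receives.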
