(RADIATOR) MAC-Address Check and LDAP on OS X

Urs Landis urs.landis at mac.com
Tue Mar 1 08:33:22 CST 2005


Hugh, Mikem

Thanks for the help, now the CheckMacAddress works!

But now I have a new problem! See trace 4 at the end!

1. MAC-Address works fine
2. CheckLDAP works fine and ACCEPT
3. A message with AuthFile Reject

Why AuthFile and why this Reject????


regards


Urs

TRACE 4:
Tue Mar  1 15:26:48 2005: DEBUG: LDAP got apple-user-homequota: 1073741824
Tue Mar  1 15:26:48 2005: DEBUG: LDAP got apple-mcxflags: <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
         <key>simultaneous_login_enabled</key>
         <false/>
</dict>
</plist>

Tue Mar  1 15:26:48 2005: DEBUG: LDAP got apple-user-homeurl: <home_dir><url>afp://file.hopro.edu/Angestellte</url><path>urs_landis</path></home_dir>
Tue Mar  1 15:26:48 2005: DEBUG: LDAP got homeDirectory: /Network/Servers/File.hopro.edu/Angestellte/urs_landis
Tue Mar  1 15:26:48 2005: DEBUG: LDAP got buildingName: WLAN
Tue Mar  1 15:26:48 2005: DEBUG: Radius::AuthLDAP2 looks for match with urs_landis
Tue Mar  1 15:26:48 2005: DEBUG: Radius::AuthLDAP2 ACCEPT:
Tue Mar  1 15:26:48 2005: DEBUG: EAP result: 1, Bad LEAP Password
Tue Mar  1 15:26:48 2005: DEBUG: Radius::AuthFILE REJECT: Bad LEAP Password
Tue Mar  1 15:26:48 2005: DEBUG: AuthBy FILE result: REJECT, Bad LEAP Password
Tue Mar  1 15:26:48 2005: INFO: Access rejected for urs_landis: Bad LEAP Password
Tue Mar  1 15:26:48 2005: DEBUG: Packet dump:
*** Sending to 192.168.95.59 port 21649 ....
Code:       Access-Reject
Identifier: 220
Authentic:  Ea<140><183><198><223>a<30><217>j<164>"<173><253>)<18>

Config File:
# leap.cfg
#

Foreground
LogStdout
LogDir          /var/log/radius
DbDir           /etc/radiator

# Use a lower trace level in production systems:
Trace           4

<Client DEFAULT>
         Secret  XXXXXX
         DupInterval 0
</Client>

<AuthBy FILE>
         Identifier CheckMACAddress
         Filename %D/addresses.mac
         AuthenticateAttribute Calling-Station-Id
         NoEAP
#       EAPType LEAP
#       EAPType TTLS
#       EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
#       EAPTLS_CertificateFile %D/certificates/cert-srv.pem
#       EAPTLS_CertificateType PEM
#       EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
#       EAPTLS_PrivateKeyPassword whatever
#       EAPTLS_MaxFragmentSize 1000
#       AutoMPPEKeys
</AuthBy>

<AuthBy LDAP2>
         Identifier CheckLDAP
         Host            192.168.1.21
         BaseDN          dc=hopro, dc=edu
         Version         3
         UsernameAttr    uid
         ServerChecksPassword
         EAPType LEAP
#       SearchFilter (&(uid=%1)(buildingName=WLAN))
#       AddToReply buildingName
</AuthBy>

<Handler NAS-Port-Type=Wireless-IEEE-802-11>
         AuthByPolicy ContinueWhileAccept
         AuthBy CheckMACAddress
#       EAPType LEAP
</Handler>

# Handler for radpwtst
<Handler NAS-Port-Type=Async>
         AuthBy CheckMACAddress
</Handler>

Kind regards


Urs Landis
ICT
Kantonsschule
Hohe Promenade
Postfach
Promenadengasse 11
CH-8090 Zürich
Tel: 044 - 268 36 29
Nat: 079 - 400 40 01
On 01.03.2005 at 13:12, Hugh Irvine wrote:

>> AuthByPolicy ContinueWhileAccept