(RADIATOR) Airespace Mac-addr MySql problem

Michael Harlow Michael.Harlow at utas.edu.au
Thu May 31 04:38:15 CDT 2007


Hello Hugh,

As I struggled to work thru what you were asking for (I've inherited this a
little bit, so a bit vague on the way it all works), a light bulb went off.

The old Autonomous APs were performing mac "authentication", whereas the new
WiSM/lightweight is doing mac "filter".

The old way used to fill both the username and password fields with the
mac-address of the client. And we were actually comparing a field/result
from the database against the radius password field. A little bit wrong, but
it worked. 

The new WiSM controller might only be filling in the username field, and
putting something else (or nothing) in the password field. So no wonder the
compare from the database against the password field might have been dodgy.

So, we added:

AuthColumnDef 0,User-Name,check

And now it compares the mac-addr returned from the database against the
radius user-name field, and it all works. Probably what we should have had
in the first place.

Regards, Michael.

PS. I have another issue, but I'll start a fresh thread on it.

--------------------------------------------
Michael Harlow                Private Bag 69
Network Engineer        Hobart Tasmania 7001
IT Resources                Ph  03 6226 1812
University of Tasmania      Mob 0438 26 1812
Michael.Harlow at utas.edu.au  Fx  03 6226 7171
--------------------------------------------
 
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Thursday, 31 May 2007 3:24 PM
To: Michael Harlow
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Airespace Mac-addr MySql problem


Hello Michael -

Can you please send me the shared secrets for the two cases?

The passwords in the two cases appear to be different.

You can also try testing with radpwtst to verify what is happening.

I see that you have defined an AuthSelect statement, but no
AuthColumnDef's - is this what you mean to do?

By default Radiator will use the results of the AuthSelect to check
the password against the first column, do check items against the
second column and use the third column for reply attributes.

Can you also send us the results of the AuthSelect when it is run by
hand?

regards

Hugh


On 30 May 2007, at 12:32, Michael Harlow wrote:

>
> Hi,
>
> I've been using Radiator for some years now, and perform both username and
> mac address filtering. When I use a Cisco "stand-alone" access point, things
> are just fine. Below is the Access Request, and MySQL lookup of my mac-addr
> to validate my connection. After this (not shown) normal username/pass
> against LDAP is performed. All is well.
>
> However, when I try and use our new light-weight access points, thru an
> Airespace/Cisco controller (WiSM), there are problems. If I disable the
> mac-addr checks, the LDAP authentication works just fine. It is when I add
> the mac-addr check in, that it is rejected. I have looked at log files at
> high debug, and actual packet sniffs with wireshark, and the MySQL requests
> are identical, and return the same value. However, the logic within Radiator
> fails the comparison and rejects the request. I've attached below debugs of
> this as well.
>
> Does anyone know what is going wrong?
>
> Thanks, Michael.
>
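
Added example, not part of the original thread and not Radiator code: a simplified Python model of the column mapping discussed above, showing why the same database row is accepted for the autonomous AP's request but rejected for the controller's until column 0 is checked against User-Name. The MAC addresses, the password value sent by the controller and all function names are constructed for illustration.

```python
# Simplified model of the AuthSelect column mapping described in this thread.
# NOT Radiator's implementation; all names and sample values are constructed.

# Default mapping as described in Hugh's reply: column 0 is compared with
# the password (the check-item and reply columns are omitted in this model).
DEFAULT_DEFS = [(0, "User-Password", "check")]
# The change from Michael's message: AuthColumnDef 0,User-Name,check
FIXED_DEFS = [(0, "User-Name", "check")]

MAC = "0011223344ff"  # constructed client MAC

# Constructed rows standing in for the MySQL table of permitted MACs.
ALLOWED = {MAC: (MAC,)}

def auth_select(username):
    """Stand-in for AuthSelect: return the row keyed on User-Name, or None."""
    return ALLOWED.get(username)

def authenticate(request, column_defs):
    """Return 'ACCEPT' only if a row exists and every check column matches."""
    row = auth_select(request.get("User-Name", ""))
    if row is None:
        return "REJECT"  # no row for this MAC
    for index, attribute, kind in column_defs:
        if kind != "check":
            continue  # reply columns do not affect the decision
        if request.get(attribute) != row[index]:
            return "REJECT"
    return "ACCEPT"

# Autonomous AP, mac "authentication": MAC in both fields.
autonomous = {"User-Name": MAC, "User-Password": MAC}
# Lightweight AP via controller, mac "filter": password is not the MAC.
# The value below is a placeholder; the thread does not say what is sent.
controller = {"User-Name": MAC, "User-Password": "something-else"}
# A client whose MAC is not in the table.
unknown = {"User-Name": "00aabbccddee", "User-Password": "00aabbccddee"}

def outcomes(column_defs):
    """Evaluate all three constructed requests under one column mapping."""
    cases = (("autonomous", autonomous), ("controller", controller),
             ("unknown", unknown))
    return {name: authenticate(req, column_defs) for name, req in cases}

if __name__ == "__main__":
    print("default:", outcomes(DEFAULT_DEFS))
    print("fixed:  ", outcomes(FIXED_DEFS))
```

In this model the User-Name mapping reduces the decision to whether a row exists for the MAC; the password field no longer contributes to it.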
