(RADIATOR) Airespace Mac-addr MySql problem
Hugh Irvine
hugh at open.com.au
Thu May 31 17:59:27 CDT 2007
Hello Michael -
I'm pleased its working now - many thanks for letting me know.
regards
Hugh
On 31 May 2007, at 19:38, Michael Harlow wrote:
>
> Hello Hugh,
>
> As I struggled to work thru what you were asking for (I've
> inherited this a
> little bit, so a bit vague on the way it all works), a light bulb
> went off.
>
> The old Autonomous AP were performing mac "authentication", whereas
> the new
> WiSM/lightweight is doing mac "filter".
>
> The old way used to fill both the username and password fields with
> the
> mac-address of the client. And we were actually comparing a field/
> result
> from the database against the radius password field. A little bit
> wrong, but
> it worked.
>
> The new WiSM controller might only be filling in the username
> field, and
> putting something else (or nothing) in the password field. So no
> wonder the
> compare from the database against the password field might have
> been dodge.
>
> So, we added:
>
> AuthColumnDef 0,User-Name,check
>
> And now it compares the mac-addr returned from the database against
> the
> radius user-name field, and it all works. Probably what we should
> have had
> in the first place.
>
> Regards, Michael.
>
> PS. I have another issue, but I'll start a fresh thread on it.
>
> --------------------------------------------
> Michael Harlow Private Bag 69
> Network Engineer Hobart Tasmania 7001
> IT Resources Ph 03 6226 1812
> University of Tasmania Mob 0438 26 1812
> Michael.Harlow at utas.edu.au Fx 03 6226 7171
> --------------------------------------------
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Thursday, 31 May 2007 3:24 PM
> To: Michael Harlow
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Airespace Mac-addr MySql problem
>
>
> Hello Michael -
>
> Can you please send me the shared secrets for the two cases?
>
> The passwords in the two cases appear to be different.
>
> You can also try testing with radpwtst to verify what is happening.
>
> I see that you have defined an AuthSelect statement, but no
> AuthColumnDef's - is this what you mean to do?
>
> By default Radiator will use the results of the AuthSelect to check
> the password against he first column, do check items against the
> second column and use the third column for reply attributes.
>
> Can you also send us the results of the AuthSelect when it is run by
> hand?
>
> regards
>
> Hugh
>
>
> On 30 May 2007, at 12:32, Michael Harlow wrote:
>
>>
>> Hi,
>>
>> I've been using Radiator for some years now, and perform both
>> username and
>> mac address filtering. When I use a Cisco "stand-alone" access
>> point, things
>> are just fine. Below is the Access Request, and MySQL lookup of my
>> mac-addr
>> to validate my connection. After this (not shown) normal username/
>> pass
>> against LDAP is performed. All is well.
>>
>> However, when I try and use our new light-weight access points,
>> thru an
>> Airespace/Cisco controller (WiSM), there are problems. If I disable
>> the
>> mac-addr checks, the LDAP authentication works just fine. It is
>> when I add
>> the mac-addr check in, that it is rejected. I have looked at log
>> files at
>> high debug, and actual packet sniffs with wireshark, and the MySQL
>> requests
>> are identical, and return the save value. However, the logic within
>> Radiator
>> fails the comparison and rejects the request. I've attached below
>> debugs of
>> this as well.
>>
>> Does anyone know what is going wrong?
>>
>> Thanks, Michael.
>>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list