[RADIATOR] Defining share secret per NASID instead of IP

Bengi Sağlam bengi at socialandbeyond.com
Fri Oct 31 08:01:26 CDT 2014


Hi Heikki,

Thanks for the solution; the syntax has worked for the prefix
'MAC:routerMac'. But I still have a problem. My clause is now as follows:

<ClientListSQL>
    DBSource        dbi:Pg:dbname=test;host=127.0.0.1
    DBUsername      testing
    DBAuth          123456
    GetClientQuery  SELECT 'MAC:00-0C-42-FA-53-30' AS NAME,SECRET FROM CLIENTS
</ClientListSQL>

Thu Oct 30 12:58:09 2014 000000: DEBUG: Adding Clients from SQL database
Thu Oct 30 12:58:09 2014 000000: DEBUG: Query to 'dbi:Pg:dbname=test;host=127.0.0.1': 'SELECT NAME,'00:0C:42:FA:53:30' AS NASID ,SECRET FROM CLIENTS':
Thu Oct 30 12:58:09 2014 000000: DEBUG: ClientListSQL adds Client MAC:00:0C:42:FA:53:30


However, in this case Radius does not respond to the client for the
Accounting packet request (the first request after the router is rebooted),
and I receive this in the log:

Fri Oct 31 07:58:58 2014 000000: NOTICE: Request from unknown client 217.124.187.43: ignored




For the same case, if I use an IP for the name instead of the MAC prefix,
as in this clause:

<ClientListSQL>
    DBSource        dbi:Pg:dbname=test;host=127.0.0.1
    DBUsername      testing
    DBAuth          123456
    GetClientQuery  SELECT '0.0.0.0/0' AS NAME,SECRET FROM CLIENTS
</ClientListSQL>


In the radiator log, I can see the Accounting packet request (first request
after reboot) with the status Accounting-On, and Radius responds to the client.


Fri Oct 31 07:51:19 2014 000000: DEBUG: Packet dump:
*** Received from 217.124.187.43 port 34248 ....

Packet length = 57
04 03 00 39 ac 82 5e 5b 79 c6 05 9e 76 c6 ac c6
b6 2a dc b5 28 06 00 00 00 07 20 13 30 30 2d 30
43 2d 34 32 2d 46 41 2d 35 33 2d 33 30 29 06 00
00 00 00 04 06 d9 7c bb 2b
Code:       Accounting-Request
Identifier: 3
Authentic:  <172><130>^[y<198><5><158>v<198><172><198><182>*<220><181>
Attributes:
    Acct-Status-Type = Accounting-On
    NAS-Identifier = "00-0C-42-FA-53-30"
    Acct-Delay-Time = 0
    NAS-IP-Address = 217.124.187.43

Fri Oct 31 07:51:19 2014 000000: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Fri Oct 31 07:51:19 2014 000000: DEBUG: Normal Deleting all sessions for 217.124.187.43
Fri Oct 31 07:51:19 2014 000000: DEBUG: do query to '': 'DELETE FROM RADONLINE WHERE NASID=REPLACE('00-0C-42-FA-53-30',':','-')':
Fri Oct 31 07:51:19 2014 000000: DEBUG: Handling with Radius::AuthSQL:
Fri Oct 31 07:51:19 2014 000000: DEBUG: Handling accounting with Radius::AuthSQL
Fri Oct 31 07:51:19 2014 000000: DEBUG: AuthBy SQL result: ACCEPT,
Fri Oct 31 07:51:19 2014 000000: DEBUG: Accounting accepted
Fri Oct 31 07:51:19 2014 000000: DEBUG: Packet dump:
*** Sending to 217.124.187.43 port 34248 ....

Packet length = 20
05 03 00 14 38 76 ee 89 39 d6 5c 3d 81 9e 32 52
f0 54 68 7e
Code:       Accounting-Response
Identifier: 3
Authentic:  8v<238><137>9<214>\=<129><158>2R<240>Th~
Attributes:



It seems like Radius does not respond to the requests when I fetch the Secret
with the MAC. If you could suggest any solution for this, I would appreciate it.

Thanks,
Bengi.



On Thu, Oct 30, 2014 at 11:34 AM, Heikki Vatiainen <hvn at open.com.au> wrote:

> On 10/30/2014 12:10 PM, Bengi Sağlam wrote:
>
> > However when radiator receives a SIGHUP signal always interprets NASID
> > as name and complains that "Could not resolve address 00-0C-42-FA-53-30
> > for Client 00-0C-42-FA-53-30".
>
> Try prefixing the MAC address with 'MAC:' when using MAC address as the
> Client name.
>
> Something like this should work. The prefix tells that the name is not a
> host name or IP address.
>
>          name          |      secret
> -----------------------+------------------
> MAC:00-0C-42-FA-53-30  |  xxxxxxxxxxxx
>
>
> Thanks,
> Heikki
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
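
An added example, not part of the original thread and not Radiator's own code: it decodes the Accounting-Request bytes from the packet dump above and shows, following RFC 2866, how a server that selects the shared secret by NAS-Identifier then checks the Request Authenticator. The secret table, the secret value and the `resign` helper are constructed for illustration, because the real secret is not on the page.

```python
import hashlib
import hmac
import struct

# Accounting-Request bytes copied from the packet dump in the message above.
PAGE_PACKET = bytes.fromhex(
    "04030039ac825e5b79c6059e76c6acc6"
    "b62adcb5280600000007201330302d30"
    "432d34322d46412d35332d3330290600"
    "0000000406d97cbb2b"
)

def parse_attributes(packet):
    """Return {type: raw value} for the attributes after the 20-byte header."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("length field does not match datagram size")
    attrs, pos, length = {}, 20, len(packet)
    while pos < length:
        if length - pos < 2 or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def acct_authenticator(packet, secret):
    """RFC 2866: MD5(code+id+length + 16 zero octets + attributes + secret)."""
    return hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()

def secret_for(packet, secrets_by_nasid):
    """Select the secret by NAS-Identifier (type 32), then authenticate the packet."""
    nasid = parse_attributes(packet).get(32, b"").decode("ascii", "replace")
    secret = secrets_by_nasid.get(nasid)
    if secret is None:
        return nasid, False  # no client entry: the request is dropped
    ok = hmac.compare_digest(acct_authenticator(packet, secret), packet[4:20])
    return nasid, ok

def resign(packet, secret):
    """Constructed helper: re-sign the page's packet with a secret we know."""
    return packet[:4] + acct_authenticator(packet, secret) + packet[20:]

if __name__ == "__main__":
    table = {"00-0C-42-FA-53-30": b"constructed-secret"}  # constructed value
    print(parse_attributes(PAGE_PACKET))
    print(secret_for(resign(PAGE_PACKET, b"constructed-secret"), table))
    print(secret_for(resign(PAGE_PACKET, b"wrong"), table))
```

The NAS-Identifier is read before the packet is authenticated, so it only selects which secret to try; the request is trusted only once the authenticator check passes. The lookup in this example is an exact string match, so a key stored with a different separator does not match the attribute as received.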