[ previous ] [ next ] [ threads ]
 
 From:  Jonathan Karras <jkarras at karras dot net>
 To:  Lloyd Palfrey <lloyd at wsufftrust dot org dot uk>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Radius Mac Authentication failure with IAS
 Date:  Wed, 03 May 2006 10:03:11 -0600
I would agree with that request. I would say while its being changed to 
make it a pop down menu with some other options.

Single Dash   000000-000000
Dashed        00-00-00-00-00-00
Double Period 0000.0000.0000
Colon	      00:00:00:00:00:00

I think those are all the types our Proxim WAP's support. At work we ran 
into a problem similar to this. Our original WiFi buildout used 
Proxim/Orinoco AP's starting many years ago the decision was to use the 
Single Dash method. Well now we are slowly moving to Cisco AP's and have 
found that they don't support the single dash.

Jonathan

Lloyd Palfrey wrote:
> Yeah I've found the problem
> 
> Most radius servres don't support ":" in the username. IMHO this
> should be stripped out before sent to the radius server..
> 
> Anyone thinking the same?
> 
> -----Original Message----- From: Jonathan Karras
> [mailto:jkarras at karras dot net] Sent: 03 May 2006 16:39 To: Lloyd Palfrey
>  Cc: m0n0wall dash dev at lists dot m0n0 dot ch Subject: Re: [m0n0wall-dev] Radius
> Mac Authentication failure with IAS
> 
> Lloyd Palfrey wrote:
>> I've created the username and password in active directory called 
>> 00:07:e9L:81:66:39 - However the prewindows2000 name cant have ":"
>> so I have to remove them for that.
>> 
>> Every time I try to access a page through the captive portal it
>> takes me to the username/password box. Failing to auto
>> authenticate. It sends the username and password but that fails.
>> I've also tried sending the mac address as the username and
>> password manually.. This also
> fails.
>> Can anyone shed any light on this? Maybe the ":"'s should be
>> removed from the mac addresses before it trys to auth?
>> 
>> Any help would be greatfull appreciated.
>> 
>> Many Thanks
>> 
> 
> I have not used Win2K3 for my radius/LDAP combo but with my 
> FreeRadius/OpenLDAP combo I did just as you said above.
> 
> I went into the "RADIUS MAC authentication" section of captive
> portal. Set the check box to enable. Then set a shared secret. I then
> used this secret as the password on the user who's username was the
> MAC with colon's. This seemed to work for me.
> 
> Jonathan
> 
> 
> 
> Disclaimer - May 3, 2006 This email and any files transmitted with it
> are confidential and intended solely for 'Jonathan Karras'. If you
> are not the named addressee you should not disseminate, distribute,
> copy or alter this email. Any views or opinions presented in this
> email are solely those of the author and might not represent those of
> West Suffolk Hospital. Warning: Although we've has taken reasonable
> precautions to ensure no viruses are present in this email, we cannot
> accept responsibility for any loss or damage arising from the use of
> this email or attachments.