[ previous ] [ next ] [ threads ]
 
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Jonathan Karras" <jkarras at karras dot net>, "Lloyd Palfrey" <lloyd at wsufftrust dot org dot uk>
 Cc:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] Radius Mac Authentication failure with IAS
 Date:  Wed, 3 May 2006 18:05:40 +0200
Expect this to be incorporated in one of the new m0n0wall releases.

J.

-- 
Jonathan De Graeve
Network/System Engineer
Imelda vzw
Informatica Dienst
+32 15/50.52.98
jonathan dot de dot graeve at imelda dot be

---------
Always read the manual for the correct way to do things because the
number of incorrect ways to do things is almost infinite
---------

> -----Oorspronkelijk bericht-----
> Van: Jonathan Karras [mailto:jkarras at karras dot net]
> Verzonden: woensdag 3 mei 2006 18:03
> Aan: Lloyd Palfrey
> CC: m0n0wall dash dev at lists dot m0n0 dot ch
> Onderwerp: Re: [m0n0wall-dev] Radius Mac Authentication failure with
IAS
> 
> I would agree with that request. I would say while its being changed
to
> make it a pop down menu with some other options.
> 
> Single Dash   000000-000000
> Dashed        00-00-00-00-00-00
> Double Period 0000.0000.0000
> Colon	      00:00:00:00:00:00
> 
> I think those are all the types our Proxim WAP's support. At work we
ran
> into a problem similar to this. Our original WiFi buildout used
> Proxim/Orinoco AP's starting many years ago the decision was to use
the
> Single Dash method. Well now we are slowly moving to Cisco AP's and
have
> found that they don't support the single dash.
> 
> Jonathan
> 
> Lloyd Palfrey wrote:
> > Yeah I've found the problem
> >
> > Most radius servres don't support ":" in the username. IMHO this
> > should be stripped out before sent to the radius server..
> >
> > Anyone thinking the same?
> >
> > -----Original Message----- From: Jonathan Karras
> > [mailto:jkarras at karras dot net] Sent: 03 May 2006 16:39 To: Lloyd
Palfrey
> >  Cc: m0n0wall dash dev at lists dot m0n0 dot ch Subject: Re: [m0n0wall-dev] Radius
> > Mac Authentication failure with IAS
> >
> > Lloyd Palfrey wrote:
> >> I've created the username and password in active directory called
> >> 00:07:e9L:81:66:39 - However the prewindows2000 name cant have ":"
> >> so I have to remove them for that.
> >>
> >> Every time I try to access a page through the captive portal it
> >> takes me to the username/password box. Failing to auto
> >> authenticate. It sends the username and password but that fails.
> >> I've also tried sending the mac address as the username and
> >> password manually.. This also
> > fails.
> >> Can anyone shed any light on this? Maybe the ":"'s should be
> >> removed from the mac addresses before it trys to auth?
> >>
> >> Any help would be greatfull appreciated.
> >>
> >> Many Thanks
> >>
> >
> > I have not used Win2K3 for my radius/LDAP combo but with my
> > FreeRadius/OpenLDAP combo I did just as you said above.
> >
> > I went into the "RADIUS MAC authentication" section of captive
> > portal. Set the check box to enable. Then set a shared secret. I
then
> > used this secret as the password on the user who's username was the
> > MAC with colon's. This seemed to work for me.
> >
> > Jonathan
> >
> >
> >
> > Disclaimer - May 3, 2006 This email and any files transmitted with
it
> > are confidential and intended solely for 'Jonathan Karras'. If you
> > are not the named addressee you should not disseminate, distribute,
> > copy or alter this email. Any views or opinions presented in this
> > email are solely those of the author and might not represent those
of
> > West Suffolk Hospital. Warning: Although we've has taken reasonable
> > precautions to ensure no viruses are present in this email, we
cannot
> > accept responsibility for any loss or damage arising from the use of
> > this email or attachments.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch
> 
>