When a user creates an account on my system (via my own code/system) it inserts the info into the radius db. I need a way to #1 get their MAC addie (not the m0n0wall machine's) and #2 a way to make radius deny clients access if they attempt to login w/ a username/password that doesn't match the MAC address they signed up with. The only way I can see this happening is if m0n0wall provides their MAC to radius or something when logging in.

Cheers,
David

On Oct 20, 2004, at 21:27, Denis Mirassou wrote:

> Ok, I was wrong :-(
>
> How do you want to do a check on user MAC address ? Using "Deny
> unknown clients" in DHCP config ?
>
> Denis
>
> David Orman wrote:
>> The secret was wrong in the client configuration table. I sorted it,
>> and it worked like a charm. Now I'm trying to figure out how to get each
>> user's MAC address so I can prevent them from sharing accounts with
>> buddies. :) Any input would be much appreciated.
>> Cheers,
>> David
>> On Oct 20, 2004, at 20:57, Denis Mirassou wrote:
>>> Hi,
>>>
>>> According to logs, Radius is taking care of user name and password
>>> provided by this NAS, so I think the NAS is well configured in his
>>> Free Radius clients.conf file.
>>>
>>> It seems there is a pb of password encryption, I don't use MySQL
>>> with Radius.
>>> Are MySQL tables of MyISAM type ?
>>> Is Value attribute from radcheck table of Password type (ie
>>> encrypted ?)
>>>
>>> Denis
>>>
>>> Mitch (WebCob) wrote:
>>>
>>>> Is your mono in the allow list on the radius server? radius servers
>>>> don't accept auth's from all "NAS" - you have to have the NAS in the
>>>> config of the radius server, and you have to have set the same shared
>>>> secret, which is used to encrypt the password...
>>>> m/
>>>>
>>>>> -----Original Message-----
>>>>> From: David Orman [mailto:david dot orman at orblivion dot com]
>>>>> Sent: Wednesday, October 20, 2004 3:00 AM
>>>>> To: m0n0wall at lists dot m0n0 dot ch
>>>>> Subject: [m0n0wall] troubles with radius/captive portal - please advise
>>>>>
>>>>>
>>>>> Hi all. :)
>>>>>
>>>>> I've gotten my soekris in, and am trying to get captive portal working
>>>>> w/ radius (freeradius + mysql specifically).
>>>>>
>>>>> I made an entry for a "test" user with "test" password in the db, this
>>>>> is what it looks like...
>>>>>
>>>>> mysql> select * from usergroup;
>>>>> +----------+-----------+----------+
>>>>> | UserName | GroupName | priority |
>>>>> +----------+-----------+----------+
>>>>> | test     | test      |        0 |
>>>>> +----------+-----------+----------+
>>>>> 1 row in set (0.00 sec)
>>>>>
>>>>> mysql> select * from radcheck;
>>>>> +----+----------+-----------+----+-------+
>>>>> | id | UserName | Attribute | op | Value |
>>>>> +----+----------+-----------+----+-------+
>>>>> |  1 | test     | Password  | == | test  |
>>>>> +----+----------+-----------+----+-------+
>>>>> 1 row in set (0.00 sec)
>>>>>
>>>>> mysql>
>>>>>
>>>>>
>>>>> Now, in testing...
>>>>>
>>>>> pulsar# radtest test test localhost 1812 secret
>>>>> Sending Access-Request of id 69 to 127.0.0.1:1812
>>>>>         User-Name = "test"
>>>>>         User-Password = "test"
>>>>>         NAS-IP-Address = pulsar.orblivion.com
>>>>>         NAS-Port = 1812
>>>>> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=69, length=20
>>>>> pulsar#
>>>>>
>>>>> So it seems freeradius/mysql is working fine. The problem arises when I
>>>>> try to use the captive portal/m0n0wall. :)
>>>>>
>>>>> My captive portal code is just the default code:
>>>>>
>>>>> <html>
>>>>> <body>
>>>>> <form method="post" action="">
>>>>> <input name="accept" type="submit" value="Continue">
>>>>> <input name="auth_user" type="text">
>>>>> <input name="auth_pass" type="password">
>>>>> </form>
>>>>> </body>
>>>>> </html>
>>>>>
>>>>> This is what I see in the error logs when attempting test/test as
>>>>> username/password:
>>>>>
>>>>> Tue Oct 19 23:52:52 2004 : Info: rlm_sql (sql): No matching entry in the database for request from user [test]
>>>>> Tue Oct 19 23:52:52 2004 : Auth: Login incorrect: [test/\272}S\0045\244\351i\317h\332\366s\2231\346] (from client ap1 port 0)
>>>>>
>>>>> More detail:
>>>>>
>>>>> Tue Oct 19 23:52:52 2004
>>>>>         Service-Type = Login-User
>>>>>         User-Name = "test"
>>>>>         User-Password = "\272}S\0045\244\351i\317h\332\366s\2231\346"
>>>>>         NAS-Identifier = "ap1.orblivion.com"
>>>>>         NAS-Port = 0
>>>>>         NAS-Port-Type = Ethernet
>>>>>         NAS-IP-Address = 67.52.79.22
>>>>>         Client-IP-Address = 67.52.79.22
>>>>>
>>>>> It seems the user-password is being garbled into something strange/odd.
>>>>> I've attempted shuffling the pap password encryption scheme to all the
>>>>> available options in freeradius as I read in the mailing list m0n0wall
>>>>> uses PAP, but it's made no difference. Any ideas on what the problem
>>>>> is? I'm sure it's user error, I've never touched radius before. :)
>>>>>
>>>>> Cheers,
>>>>> David Orman
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>
>>> --
>>> Denis Mirassou
>>> Service Réseaux
>>> Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)
>
> --
> Denis Mirassou
> Service Réseaux
> Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)
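
Added example, not part of the thread: a sketch of the User-Password hiding defined in RFC 2865 section 5.2, showing why a shared-secret mismatch between the NAS and the RADIUS server makes the server decode a garbled password like the one in the log above instead of rejecting the packet outright. The authenticator and the NAS-side secret below are constructed values.

```python
import hashlib

def _blocks(data: bytes):
    return [data[i:i + 16] for i in range(0, len(data), 16)]

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: hide User-Password as in RFC 2865 section 5.2."""
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # null-pad to 16n bytes
    hidden, prev = b"", authenticator
    for block in _blocks(padded):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(block, pad))  # c(i) seeds the next pad
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the secret configured for this client."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    plain, prev = b"", authenticator
    for block in _blocks(hidden):
        pad = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return plain.rstrip(b"\x00")

def demo():
    # Constructed values: the authenticator and the NAS-side secret are made up.
    authenticator = bytes(range(16))
    nas_secret, server_secret = b"secret-typo", b"secret"
    hidden = hide_password(b"test", nas_secret, authenticator)
    return {
        "matching": recover_password(hidden, nas_secret, authenticator),
        "mismatched": recover_password(hidden, server_secret, authenticator),
    }

if __name__ == "__main__":
    for case, value in demo().items():
        print(f"{case:>10}: {value!r}")
```

The hiding carries no integrity check of its own, so a wrong secret surfaces only as a failed password comparison; the `radtest` run against localhost succeeded because that client entry had the matching secret.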