rename remote mac authorisation attribute

Johan · Thu Dec 23, 2004 12:39 am

How could i change the attribute name in freeradius for the remote mac authorisation in mikrotik from UserName to an another attribute name.

This is because i already have setup the pppoe accounts via freeradius and the use also the attribute UserName, and i want to dump a list with allowed mac's in a another table

Johan
(i'm sorry for my bad english)

edzix · Thu Dec 23, 2004 11:09 am

you cannot change the names of attributes,this is coded in.

Edgars

Johan · Thu Dec 23, 2004 7:21 pm

but how can i solve this problem then. I want my mac addresses in an another table as my usernames for pppoe

edzix · Fri Dec 24, 2004 12:01 pm

sorry, but i really didn't get what do you want to achieve. So you will put those MACs in another DB table. What are the users connecting to your host? HotSpot? If yes, then you can set auth-mac parameter to yes under hotspot menu and then the mac addresses of the users will be sent as a UserName first when they're trying to get an accept message from the RADIUS server.

Edgars

Johan · Fri Dec 24, 2004 9:44 pm

no pppoe, i want to authorize the pppoe clients and the mac addresses via radius. but the use both attribute UserName for authorisation.

johan

ofasa · Sun Dec 26, 2004 3:05 pm

Use the MAC address as the Calling-Station-id radius attribute.

test User-Password =: 'pppoe password'
calling-station-id := 'mac address'
... etc.
(of course translate for entry into your database)

Johan · Sun Dec 26, 2004 11:50 pm

i'am affraid that i couldn't explane my problem good to you or i don't get what you mean i have tried to rename te attreibute with attr_rewrite.

but it doesn't work.
i have my rename module declared in the authorize section


attr_rewrite macauth {
attribute = User-Name
searchin = packet
searchfor = ":"
replacewith = "-"
new_attribute = yes
append = no}

maybe i did here something wrong.

this is what i get when a user tries to authorize


rad_recv: Access-Request packet from host 62.221.**.**:1028, id=171, length=79
        Service-Type = Framed-User
        NAS-Identifier = "*******"
        NAS-Port-Id = "wlan1"
        User-Name = "00:02:6F:30:**:**"
        User-Password = ""
        NAS-IP-Address = 62.221.**.**
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
  modcall[authorize]: module "preprocess" returns ok for request 9
radius_xlat:  '-'
rlm_attr_rewrite: Added attribute User-Name with value '-'
  modcall[authorize]: module "macauth" returns ok for request 9
  modcall[authorize]: module "attr_filter" returns noop for request 9
  modcall[authorize]: module "chap" returns noop for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
    rlm_realm: No '@' in User-Name = "00:02:6F:30:D4:8B", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 9
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 9
radius_xlat:  '00:02:6F:30:D4:8B'
rlm_sql (sql): sql_set_user escaped user --> '00:02:6F:30:D4:8B'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00:02:6F:30:D4:8B' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00:02:6F:30:D4:8B' ORDER BY id
rlm_sql (sql): User 00:02:6F:30:D4:8B not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,radusergroup WHERE radusergroup.Username = '00:02:6F:30:D4:8B' AND radusergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,radusergroup WHERE radusergroup.Username = '00:02:6F:30:D4:8B' AND radusergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,radusergroup WHERE radusergroup.Username = '00:02:6F:30:D4:8B' AND radusergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,radusergroup WHERE radusergroup.Username = '00:02:6F:30:D4:8B' AND radusergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): User 00:02:6F:30:D4:8B not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "sql" returns notfound for request 9
modcall: group authorize returns ok for request 9
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.

but i want something like this


Service-Type = Framed-User
        NAS-Identifier = "*******"
        NAS-Port-Id = "wlan1"
        MAC = "00:02:6F:30:**:**"
        User-Password = ""
        NAS-IP-Address = 62.221.**.**

greets,

Johan

edzix · Mon Dec 27, 2004 12:56 pm

seems to be FreeRadius configuration mistake. Maybe try to post the problem in theirs list!

Edgars

rename remote mac authorisation attribute

rename remote mac authorisation attribute

Who is online