I found a problem with CAPsMAN and RADIUS. Normally a RADIUS request has the SSID in its request (NAS-Port-ID and Called-Station-Id).
So it is impossible to separate different wireless SSID requests for authentication.
Is it possible to fix this?
A CAPsMAN request to the RADIUS server is missing this information:
NAS-Port-ID = "SSIDWLAN"
NAS-Port-Type = Wireless-IEEE-802.11
Calling-Station-Id = 1C-AF-05-14-B3-B4(Client-MAC)
Called-Station-Id = D6-CA-6D-10-70-99(AP-MAC):SSIDWLAN
Best regards
LOG:
RADIUS Request from CAPsMAN:
7/10/2014 10:09:56 AM RADIUS Authentication transaction
Client address [10.X.X.10]
NAS address [10.X.X.10]
UniqueID=193373
Realm = (null)
User = host/computer.loc.domain
Code = Access request
ID = 118
Length = 163
Authenticator = 0xXX
Service-Type = Framed
Framed-MTU = 1400
User-Name = host/computer.loc.domain
State = 0xXX
EAP-Message = 0xXX
Message-Authenticator = 0xXX
NAS-Identifier = VRRP-Master.1
NAS-IP-Address = 10.X.X.10
RADIUS Request from mikrotik AP direct:
7/10/2014 1:54:14 AM RADIUS Authentication transaction
Client address [10.X.X.10]
NAS address [10.X.X.10]
UniqueID=188769
Realm = (null)
User = res I pk
Code = Access request
ID = 147
Length = 259
Authenticator = 0x2EC353C41138113858CA1556A6C7ED06
Service-Type = Framed
Framed-MTU = 1400
User-Name = res I pk
State = 0xXX
NAS-Port-ID = "SSIDWLAN"
NAS-Port-Type = Wireless-IEEE-802.11
Calling-Station-Id = 1C-AF-05-14-B3-B4(Client-MAC)
Called-Station-Id = D6-CA-6D-10-70-99(AP-MAC):SSIDWLAN
EAP-Message = 0xXX
Message-Authenticator = 0xXX
NAS-Identifier = AP-NameX.10
NAS-IP-Address = 10.X.X.10
7/10/2014 1:54:14 AM RADIUS Proxy Transaction ; NAS 10.X.X.10; User 'res I pk'; Realm 'AD-SSIDWLAN'; Remote server '10.X.X.1'; Result 'Access reject'
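The difference between the two requests above can be checked on the RADIUS server side. This is an added example, not part of the original post and not MikroTik code: it parses the attributes of an Access-Request and reports which SSID-bearing attributes are absent. The two packets are constructed samples modelled on the log entries, and `ssid_report` and `build_request` are hypothetical helper names.

```python
import struct

# RADIUS attribute type numbers (RFC 2865 / RFC 2869).
USER_NAME, CALLED_STATION_ID, CALLING_STATION_ID = 1, 30, 31
NAS_IDENTIFIER, NAS_PORT_TYPE, NAS_PORT_ID = 32, 61, 87
SSID_ATTRS = {NAS_PORT_ID: "NAS-Port-Id", NAS_PORT_TYPE: "NAS-Port-Type",
              CALLING_STATION_ID: "Calling-Station-Id",
              CALLED_STATION_ID: "Called-Station-Id"}

def parse_attributes(packet: bytes) -> dict:
    """Walk the type/length/value attributes that follow the 20-byte header."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("Length field does not match the packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(atype, packet[pos + 2:pos + alen])  # first one wins
        pos += alen
    return attrs

def ssid_report(packet: bytes) -> dict:
    """Report the SSID a request carries and which SSID attributes are absent."""
    attrs = parse_attributes(packet)
    missing = [name for t, name in SSID_ATTRS.items() if t not in attrs]
    called = attrs.get(CALLED_STATION_ID, b"").decode("utf-8", "replace")
    # Assumes the "AP-MAC:SSID" form with a dash-separated MAC, as in the post.
    ssid = called.partition(":")[2] or None
    if ssid is None and NAS_PORT_ID in attrs:
        ssid = attrs[NAS_PORT_ID].decode("utf-8", "replace")
    return {"ssid": ssid, "missing": missing}

def build_request(ident: int, attrs: list) -> bytes:
    # Constructed Access-Request (code 1) with a zeroed authenticator.
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(16) + body

# Constructed samples modelled on the two log entries in the post.
CAPSMAN_REQ = build_request(118, [(USER_NAME, b"host/computer.loc.domain"),
                                  (NAS_IDENTIFIER, b"VRRP-Master.1")])
DIRECT_REQ = build_request(147, [(USER_NAME, b"user"), (NAS_PORT_ID, b"SSIDWLAN"),
    (NAS_PORT_TYPE, struct.pack("!I", 19)),  # 19 = Wireless-IEEE-802.11
    (CALLING_STATION_ID, b"1C-AF-05-14-B3-B4"),
    (CALLED_STATION_ID, b"D6-CA-6D-10-70-99:SSIDWLAN")])
```

Calling `ssid_report(CAPSMAN_REQ)` lists all four attributes as missing, so a per-SSID policy has nothing to match on for that request.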