Proxying based on SSID (FreeRADIUS Users mailing list)
Hi,

Sorry if the questions have been asked. I have done a lot of searches, but could not find the answer.

Normally, I proxy a PEAP request whenever the realm is unknown to us (i.e. using the DEFAULT realm without stripping the user name). However, for some SSIDs, I want requests to be handled locally with ldap, independent of what the realm is (and with the user name stripped). What I did is to find those SSIDs in "Called-Station-Id" and set Proxy-to-realm to a local realm. But the problem (I guess) is that when freeradius processes the realm file, the user name is not stripped. When later on processed by the local realm, the request fails because the user name still contains the domain.

Any suggestions to solve it are appreciated. Thanks in advance.

Best Regards,
Lai

Users
=====

DEFAULT NAS-Port-Type == "Wireless-802.11", Called-Station-Id =~ "MY-SSID$", Strip-User-Name := Yes, Autz-Type := usePlainTextPwd, Proxy-to-realm := "hku.hk"

DEFAULT NAS-Port-Type == "Wireless-802.11", Autz-Type := usePlainTextPwd

Radiusd -X
=========

rad_recv: Access-Request packet from host 17.18.28.26:20002, id=136, length=152
        NAS-Port-Id = "2098/1"
        Calling-Station-Id = "00-18-DE-83-3E-1B"
        Called-Station-Id = "00-16-E0-FD-47-40:VIP-peap"
        Service-Type = Framed-User
        EAP-Message = 0x02010012017063637732406173642e636f6d
        User-Name = "pcw2@asd.com"
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "3Com"
        NAS-IP-Address = 17.18.28.26
        Message-Authenticator = 0x46e6da4a3ad7d253157a9f21a110807b
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: Looking up realm "asd.com" for User-Name = "pcw2@asd.com"
    rlm_realm: Found realm "DEFAULT"
    rlm_realm: Proxying request from user pcw2 to realm DEFAULT
    rlm_realm: Adding Realm = "DEFAULT"
    rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
  modcall[authorize]: module "suffix" returns updated for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    users: Matched entry DEFAULT at line 171
    users: Matched entry DEFAULT at line 244
  modcall[authorize]: module "files" returns ok for request 0
  rlm_eap: EAP packet type response id 1 length 18
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
modcall: leaving group authorize (returns updated) for request 0
  Found Autz-Type usePlainTextPwd
  Processing the authorize section of radiusd.conf
modcall: entering group usePlainTextPwd for request 0
modcall: entering group redundant for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for pcw2@asd.com
radius_xlat: '(&(uid=pcw2@asd.com)))'
radius_xlat: 'ou=ldap,o=hku,c=hk'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap1.hku.hk:389, authentication 0
rlm_ldap: starting TLS
rlm_ldap: bind as cn=net,o=hku,c=hk/M134aNaa to ldap1.hku.hk:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=ldap,o=hku,c=hk, with filter (&(uid=pcw2@asd.com))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "withNTPwd" returns notfound for request 0
modcall: leaving group redundant (returns notfound) for request 0
modcall: leaving group usePlainTextPwd (returns notfound) for request 0
WARNING: You set Proxy-To-Realm = hku.hk, but it is a LOCAL realm! Cancelling invalid proxy request.
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
WARNING: Cancelling proxy to Realm hku.hk, as the realm is local.
Sending Access-Challenge of id 136 to 17.18.28.26 port 20002
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xfd7f032f1c3ed7e8e39bf1872727e771
Finished request 0
Going to the next request

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
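The trace shows why the users-file approach cannot work: "suffix" (rlm_realm) runs before "files", has already matched the DEFAULT realm and decided to proxy without stripping, and the users entry then only overwrites Proxy-To-Realm while rlm_ldap keeps searching for uid=pcw2@asd.com. What follows is an added example, not the poster's configuration and not FreeRADIUS's shipped files: the same policy written in the unlang syntax that FreeRADIUS 2.x and later accept (the trace above is from a 1.x server with Autz-Type, which has no unlang). Assumptions: the SSID suffix "VIP-peap" is taken from the Called-Station-Id in the trace; the policy name local_ssid is invented; rlm_ldap uses its default filter (uid=%{%{Stripped-User-Name}:-%{User-Name}}); and copy_request_to_tunnel = yes is set in the peap section of eap.conf. Everything is shown in one place for reading; in a real tree the policy block lives in policy.conf and the two server blocks in sites-enabled/default and sites-enabled/inner-tunnel.

```unlang
#  Added example (not the poster's configuration): FreeRADIUS 2.x+ unlang
#  for "handle this SSID locally with the realm stripped, proxy all others".
#  Assumed SSID "VIP-peap" comes from the Called-Station-Id in the trace.

policy {
    #  A wireless NAS sends Called-Station-Id as "<AP-MAC>:<SSID>", so
    #  anchoring on ":VIP-peap$" covers every AP broadcasting that SSID
    #  and does not match a different SSID that merely ends the same way.
    local_ssid {
        if (Called-Station-Id =~ /:VIP-peap$/) {
            #  Strip the realm here instead of running "suffix": rlm_realm
            #  would otherwise already have set Proxy-To-Realm = DEFAULT.
            if (User-Name =~ /^([^@]+)@/) {
                update request {
                    Stripped-User-Name := "%{1}"
                }
            }
            #  LOCAL is the reserved realm name that cancels proxying.
            update control {
                Proxy-To-Realm := LOCAL
            }
        }
        else {
            #  Any other SSID: let rlm_realm decide.  With a DEFAULT realm
            #  marked "nostrip", unknown realms are proxied with User-Name
            #  untouched, which is the original behaviour.
            suffix
        }
    }
}

server default {
    authorize {
        preprocess
        local_ssid
        chap
        mschap
        eap {
            ok = return
        }
        files
        #  With the default rlm_ldap filter
        #  (uid=%{%{Stripped-User-Name}:-%{User-Name}}) the local SSID
        #  now searches for "pcw2" rather than "pcw2@asd.com".
        ldap
    }
    #  authenticate, post-auth etc. as shipped
}

#  PEAP: the credential is checked on the *inner* identity in the
#  inner-tunnel virtual server, so the same policy has to run there too.
#  Assumes copy_request_to_tunnel = yes in eap.conf (peap section) so that
#  Called-Station-Id is present in the inner request.
server inner-tunnel {
    authorize {
        local_ssid
        mschap
        eap {
            ok = return
        }
        files
        ldap
    }
    #  authenticate, post-auth etc. as shipped
}
```

Two caveats a deployer should keep in mind. First, the outer User-Name in PEAP is only used for routing and may be anonymous or differ from the inner identity, so the strip-or-proxy decision has to be repeated on the inner request as shown, or it will still reach LDAP with the realm attached. Second, the pasted radiusd -X output prints the LDAP bind DN and password in clear ("rlm_ldap: bind as cn=net,o=hku,c=hk/..."), so that line is worth removing from a public post and the credential is worth rotating.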