RADIUS for MAC authentication in WLAN, how doing it?

• Previous message: atherios: "SCSI transfer rate is really slow on 1 of my 2 disks"
• Next in thread: Igor Sobrado: "Re: RADIUS for MAC authentication in WLAN, how doing it?"
• Reply: Igor Sobrado: "Re: RADIUS for MAC authentication in WLAN, how doing it?"
• Reply: jpd: "Re: RADIUS for MAC authentication in WLAN, how doing it?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: 23 Dec 2003 16:21:42 +0100

Hi all.

I am building a WLAN for our Campus here. IMHO, the best way to add
new users to the network and synchronizing access points is running
a RADIUS server and WEP, but I am not able to authenticate my NIC (a
Lucent Technologies 802.11b Silver card on a laptop running NetBSD 1.6.1).
I am looking for better authentication methods, but I do not want dropping
non 802.11g clients.

My issue is that I cannot authenticate my card on this setup. I have
added the IP address of the router (a USR Robotics 8054) and the key
shared between the WLAN router/AP and the RADIUS server to the clients
file in the RADIUS server. I have provided information about the AP
itself to the users file:

00c049-cc94e9 Auth-Type = Local, Password = "abcde"
                Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Framed-Routing = Broadcast-Listen,
                Framed-MTU = 1500,
                Framed-Compression = Van-Jacobson-TCP-IP

(this is the WAN port MAC address), and the client NIC:

00601d-1e2bb2 Auth-Type = Local, Password = "abcde"
                Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Framed-Routing = Broadcast-Listen,
                Framed-MTU = 1500,
                Framed-Compression = Van-Jacobson-TCP-IP

I have tested this configuration with my AP-1000 too. radtest(1)
shows that the RADIUS server is working just fine and should
authenticate the wireless clients. But I am unable to connect
to the wired network using this setup. There are some logs in
the RADIUS server that show that this machine sees the wireless
NIC on the APs:

Tue Dec 23 11:32:13 2003: Info: Starting - reading configuration files ...
Tue Dec 23 11:32:13 2003: Info: Ready to process requests.
Tue Dec 23 11:34:08 2003: Error: Accounting: logout: login entry for NAS 172.16.10.5 port 0 not found
Tue Dec 23 11:35:56 2003: Error: Accounting: logout: login entry for NAS 172.16.10.5 port 0 not found
Tue Dec 23 11:37:44 2003: Error: Accounting: logout: login entry for NAS 172.16.10.5 port 0 not found

(well, I turned on the AP before running radiusd... that is the reason
for the login entry not found.)

What I am doing wrong? Should I use PPPoE? Another issue?
Perhaps 802.1x support in NetBSD?

Sorry, I do not have Windows clients to test this setup at this moment.
Laptops (even used ones) are too expensive to run operating systems
that are not useful for my real work. I need Unix for my daily activities.

Cheers,
Igor.

-- 
Igor Sobrado, UK34436 - sobrado@acm.org

• Previous message: atherios: "SCSI transfer rate is really slow on 1 of my 2 disks"
• Next in thread: Igor Sobrado: "Re: RADIUS for MAC authentication in WLAN, how doing it?"
• Reply: Igor Sobrado: "Re: RADIUS for MAC authentication in WLAN, how doing it?"
• Reply: jpd: "Re: RADIUS for MAC authentication in WLAN, how doing it?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]