From: Manueco, A. <an...@mi...> - 2011-03-08 20:48:14
|
Sorry took some time. By the way, nice to put a face on you guys! Great interview. Here is a snapshot of the Radius Packet. The SSID for 802.1x is TestSecure. Let me know what I'd have to change to get the SSID. I'd like to do a custom VLAN assignment based on this. Access-Request Id 120 10.37.9.65:1814 -> 10.37.32.92:1645 +1211592.214 NAS-Port-Type = Wireless-802.11 State = 0x546573744e415649533b313239393630373232393b3139 Calling-Station-Id = "90-27-E4-F8-ED-23" Called-Station-Id = "00-A0-A5-5F-42-1A:TestSecure" Message-Authenticator = 0x9df3a7c6c23328ce708a39e75b6398be User-Name = "ex-rancid1" EAP-Message = 0x0205004f158000000045170300005e59a9e0e0a62119a543c887e12a4892ac7aaa39f934dbc1891e6e967b366e265fe3f025af8f031c3d3fc9070a1ab110903d06e81ec83a0f83308c Connect-Info = "CONNECT 802.11a" NAS-IP-Address = 10.224.232.220 NAS-Port = 2050 Framed-Compression = None Framed-MTU = 1250 Proxy-State = 0x3731 Thanks! -----Original Message----- From: Olivier Bilodeau [mailto:obi...@in...] Sent: Monday, February 28, 2011 12:42 PM To: pac...@li... Subject: Re: [Packetfence-devel] Meru Feature Devel Hi Antonio, A quick re-post of François' last message: > I just spoke with our Meru contact, and he told me that the SSID is sent > when doing 802.1X. Since I do not have access to a Meru controller, can > you grab a capture of a 802.1X RADIUS request? It would be really appreciated. Thanks, On 22/02/11 4:02 PM, Manueco, Antonio wrote: > Nop, I don't see any SSID in the request. > > > > -----Original Message----- > From: Olivier Bilodeau [mailto:obi...@in...] > Sent: Tuesday, February 22, 2011 3:47 PM > To: pac...@li... > Subject: Re: [Packetfence-devel] Meru Feature Devel > > Hi, > >> I am sending you the Request from the controller for MAC Auth. >> >> MAC Auth: >> >> rad_recv: Access-Request packet from host 10.224.232.220 port 32769, id=229, length=182 >> Service-Type = Login-User >> Framed-MTU = 1250 >> User-Name = "00-11-22-33-44-55" >> User-Password = "00-11-22-33-44-55" >> Calling-Station-Id = "00-11-22-33-44-55" >> Called-Station-Id = "00-A0-A5-5F-42-1A" >> Connect-Info = "CONNECT Unknown Radio" >> NAS-IP-Address = 10.224.232.220 >> NAS-Port-Type = Wireless-802.11 >> NAS-Port = 0 >> Message-Authenticator = 0xd3eb20961c802bc6f8d777bf195d1715 > > Do you see your SSID in the request? I'm asking just in case it's > CONNECT or CONNECT Unknown Radio... > >> >> Let me know if I can help you with anything. >> > > First, lets try to see if there's not a VSA that isn't supported by > FreeRADIUS. Can you do a tcpdump / wireshark of the Request and check if > there is not a vendor specific attribute that we don't see in the > radiusd output. > > Then, on Cisco Aironet in stand-alone mode, we need to enable a CLI > parameter in order for it to send the SSID in a VSA. ex: > > radius-server vsa send authentication > > If all else fails, at this point if you _really_ need SSID > identification we could try to find an SNMP read query that could give > it to us based on the Called-Station-Id.. but again, we would need a > caching layer otherwise it would be ridiculous to do an SNMP read to the > controller for every incoming RADIUS request we get. > > Thanks for helping us! We don't have a Meru here anymore.. > -- Olivier Bilodeau obi...@in... :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ Packetfence-devel mailing list Pac...@li... https://lists.sourceforge.net/lists/listinfo/packetfence-devel |