Monday, August 26, 2019

Question Regarding FreeRADIUS and Simultaneous-Use With Meraki (Help)

Hello all,

I have a hell of a question for you, and hopefully this fits here (I might be pushing the line a bit). Has anyone here been able to get Meraki working with FreeRADIUS (+ DaloRADIUS) and been able to get Simultaneous-Use working?

What I have done:

FreeRADIUS

  • I imported the DB schemas provided by FreeRADIUS and DaloRADIUS
    • I later saw when running radiusd -X that the unix timestamp was too long for the sql column. So I modified the table and corrected that error.
  • I made sure to set mysql in the default config
  • I set in mods-enabled all the needed sql settings. I can confirm all the tables listed in the config below exist.
  • I have set the queries.conf file (I opted for the queries to use BINARY so usernames were caps sensitive)

MySQL/DaloRADIUS

  • I created a user (Test1)
    • The user is only set with a password and a profile (Single Login)
  • I created a profile (Single Login)
    • Fall-Through = 1
    • Simultaneous-Use := 1 (For testing I set it to one but will need to change that to two)
    • And a reply attribute Filter-Id = "Single Login"
  • I created a NAS group in DaloRADIUS
    • I confirmed they can all authenticate with FreeRADIUS

Conclusion

First, here's a radiusd -x PasteBin. I redacted IPs, but other than that it's basically all there. What I find most interesting is you can see FreeRADIUS correctly finds the user's group and the attributes. Yet it never sends an access reject. However, you can force an access reject by simply typing in a bad password, and packet captures on the AP confirm the Filter-Id attribute makes it to the AP. I would really appreciate some guidance or discussion.


