pppoe user mac address based authentication in SBR using ldap as the user database

SOLVED
Rajeev Singh_
New Contributor

pppoe user mac address based authentication in SBR using ldap as the user database

Can anyone help me with the correct config for user MAC-based authentication using SBR 7.2 Carrier? I have the user repository in Sun ONE LDAP, and I am using the pppoeDescription attribute for storing the user MAC address to validate against the hardware MAC address. Using the search filter, I am not able to authenticate the user when the user has a correct MAC address stored in LDAP. But when changing the search filter to use "|" to search for one attribute, it authenticates, but in that case a user who has a wrong MAC stored also gets authenticated. Please have a look at the ldapauth.aut file and the corresponding logs and help me get this done.

Other parts omitted to save space (ldapauth.aut); complete files are attached.

------------------------------------------------------------------

[Request]
%UserName = User-Name
NAS-IP-Address = radiusNASIPAddress
NAS-Port = radiusNASPort
Service-Type = radiusServiceType
Pppoe-Description = pppoeDescription

[Response]
%Password = userPassword
%LoginLimit = pppoeMaxSessions
Address-Pool-Name = localAddressPool
Primary-DNS = primaryDNS
Secondary-DNS = secondaryDNS
Sa-Validate = saValidate
Sdx-Service-Name = sdxServiceName
Sdx-Session-Volume-Quota = sessionVolumeQuota
Service-Type = radiusServiceType
Service-Bundle = serviceBundle
Session-Timeout = radiusSessionTimeOut
Ppp-Password = pppPassword
Ppp-Username = pppUsername
Pppoe-Max-Sessions = pppoeMaxSessions
Pppoe-Description = pppoeDescription

[Search/DoLdapSearch]
Base=retailername=ttml,o=users,o=umc
Scope=2
Filter=(&(uid=<User-Name>)(Pppoe-Description=<pppoeDescription>))
Attributes = AttrList
Timeout = 20
%DN = dn

----------------------------------------------------------------

logs

---------------------------

02/16/2011 03:42:52: Parsing request
02/16/2011 03:42:52: NAS-IP-Address in request: 192.168.10.224
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: -----------------------------------------------------------
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Authentication Request
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Received from IpAddr=192.168.10.224 Port=50000
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Packet Code=0x01 Id=0x67
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Client Name="<ANY>"
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Dictionary Name="Juniper.dct"
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Vector =
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: 000: 53a60563 5f244c72 07302cff 1fda04af |S..c_$Lr.0,.....|
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Parsed Packet :
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: User-Password : Value =
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: 000: dfc599a6 9d88848d d9e71dfb cb2d2166 |.............-!f|
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: User-Name : String Value = [email protected]
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Acct-Session-Id : String Value = erx atm 2/0.42:100.245:0005262611
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Service-Type : Integer Value = 2
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Framed-Protocol : Integer Value = 1
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Pppoe-Description : String Value = pppoe 12:34:56:78:9a:bc
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Calling-Station-Id : String Value = #TTML-E320#this is a description#100#245
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Connect-Info : String Value = speed:UBR:12000
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: NAS-Port-Type : Integer Value = 16
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: NAS-Port : Integer Value = 543424757
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: NAS-Port-ID : String Value = atm 2/0.42:100.245
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: NAS-IP-Address : IPAddress = 192.168.10.224
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: NAS-Identifier : String Value = TTML-E320
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: -----------------------------------------------------------
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Determining if this radius should act as a proxy
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: LDAPAUTH: Setting variable User-Name = "[email protected]"
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: LDAPAUTH: Setting variable radiusServiceType = "2"
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: LDAPAUTH: Setting variable pppoeDescription = "pppoe 12:34:56:78:9a:bc"
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: LDAPAUTH: Setting variable radiusNASPort = "543424757"
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: LDAPAUTH: Setting variable radiusNASIPAddress = "192.168.10.224"
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: LDAPAUTH: No elements, DoBind returning.
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: LDAPAUTH: No elements, DoBind returning.
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: LDAPAUTH: Performing search; base = retailername=ttml,o=users,o=umc, scope = 2, filter = (&([email protected])(Pppoe-Description=pppoe 12:34:56:78:9a:bc)), attrs = userPassword,uid,localAddressPool,localInterface,pppoeMaxSessions,pppoeUrl,pppPassword,pppUsername,primaryDNS,secondaryDNS,pppoeDescription
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: LDAPAUTH: Authentication attempt = 0, user = [email protected], server = s1 - Failure
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Unable to find user [email protected] with matching password
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: -----------------------------------------------------------
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Authentication Response (reject)
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Packet Code=0x03 Id=0x67
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Vector =
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: 000: c4d4b238 ff117a5e 563cc7be ccbfeae1 |...8..z^V<......|
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: -----------------------------------------------------------
02/16/2011 03:42:52 TxId 0xac99288c4d5afa2500000002: Sent reject response
02/16/2011 03:43:36: Looking up shared secret
02/16/2011 03:43:36: Parsing request
02/16/2011 03:43:36: NAS-IP-Address in request: 192.168.10.224
02/16/2011 03:43:36 TxId 0xac99288c4d5afa2500000003:

1 ACCEPTED SOLUTION

Accepted Solutions
Rajeev Singh_
New Contributor

Re: pppoe user mac address based authentication in SBR using ldap as the user database

The problem is sorted out now; please do not reply to the message. The configuration given in the question was correct; only a small correction in the filter parameter was needed and it started working.

The parameter was:

Filter=(&(uid=<User-Name>)(pppoeDescription=<pppoeDescription>))

After this it started working correctly.

But this will be applicable to all users in that OU, so another search section needs to be created for normal users for which MAC authentication is not required.

Thanks

Rajeev Singh
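
An added example (not part of the original posts and not SBR code) showing why the three filters in this thread behave differently: the filter must name the LDAP attribute `pppoeDescription`, while `<pppoeDescription>` is only the request variable substituted into it. The directory entry, user name, MAC values and the exact form of the "|" filter are constructed assumptions, and the evaluator covers only the filter subset seen on this page.

```python
import re

# Constructed directory entry, keyed by LDAP attribute name (not RADIUS name).
ENTRY = {"uid": "alice@example.net", "pppoeDescription": "pppoe 12:34:56:78:9a:bc"}

BROKEN = "(&(uid=<User-Name>)(Pppoe-Description=<pppoeDescription>))"  # question
FIXED = "(&(uid=<User-Name>)(pppoeDescription=<pppoeDescription>))"    # solution
# Assumed form of the "|" variant; the thread does not show it verbatim.
OR_VARIANT = "(|(uid=<User-Name>)(Pppoe-Description=<pppoeDescription>))"

def substitute(template, variables):
    """Fill <variable> placeholders from the [Request] variables."""
    return re.sub(r"<([^>]+)>", lambda m: variables[m.group(1)], template)

def parse(f, i=0):
    """Parse (&...), (|...) and (attr=value); returns (tree, next_index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    if f[i + 1] in ("&", "|"):
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    j = f.index(")", i)
    attr, _, value = f[i + 1:j].partition("=")
    return ("=", attr.lower(), value), j + 1

def matches(tree, entry):
    """Evaluate a parsed filter against one entry."""
    if tree[0] == "=":
        # An attribute the entry does not have never matches. Values are
        # compared exactly here, a simplification of LDAP matching rules.
        attrs = {k.lower(): v for k, v in entry.items()}
        return attrs.get(tree[1]) == tree[2]
    results = [matches(kid, entry) for kid in tree[1]]
    return all(results) if tree[0] == "&" else any(results)

def search(template, variables, entry=ENTRY):
    """True when the substituted filter selects the entry."""
    tree, _ = parse(substitute(template, variables))
    return matches(tree, entry)

GOOD = {"User-Name": "alice@example.net", "pppoeDescription": "pppoe 12:34:56:78:9a:bc"}
BAD = dict(GOOD, pppoeDescription="pppoe de:ad:be:ef:00:01")  # wrong MAC

if __name__ == "__main__":
    for name, flt in (("broken", BROKEN), ("or", OR_VARIANT), ("fixed", FIXED)):
        print(name, search(flt, GOOD), search(flt, BAD))
```

The broken filter selects nothing because no entry carries an attribute named `Pppoe-Description`; the "|" variant selects the entry on `uid` alone, so the MAC is never enforced; the fixed filter selects the entry only when both values match.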
