Date: Wed, 3 Nov 2004 08:41:56 +0700 (JAVT)
From: SlavesZeroes
To: freebsd-questions@freebsd.org
Subject: WLAN Freeradius Auth

Dear all,

I've set up my little hotspot for our office. And of course, for security reasons, only MAC addresses listed in radius users can have internet access. With the Lucent Orinoco AP-1000, I've checked "enable radius access control" and then set up my FreeRADIUS.
My radius setting:

00601d-f4ae15 Auth-Type = Local, Password = "testing123"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Routing = Broadcast-Listen,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP

But when I try to change the setting, for testing only:

00601d-f4ae15 Auth-Type = Reject, Password = "testing123"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Routing = Broadcast-Listen,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP

They can still get access to the outside. My radius log says:

Auth: Login incorrect: [00601d-f4ae15/testing123] (from client ap port 0).

And when I try to ping that station, it replies:

PING 192.168.0.254 (192.168.0.254): 56 data bytes
64 bytes from 192.168.0.254: icmp_seq=0 ttl=64 time=0.840 ms

My question is: if a MAC address is not listed in radius users or is in REJECT mode, it shouldn't get access to the Access Point, and of course it can't have an IP address. But in my case, they still have a static IP address and they can access the LAN and the internet too.

Can you help me?

Thanks