Nonstop requests to radius server


cdavis
08-02-2004, 10:54 AM
I just updated to 2.00.2 4346 to try to fix this. I noticed non stop requests to my radius server and replies of incorrect. Should the hotspot continue to send requests for authentication?

Mon Aug 2 11:43:12 2004 : Auth: Login incorrect: [00:e0:98:7f:b8:cf/00:e0:98:7f:b8:cf] (from client castle port 0 cli 0.0.0.0)
Mon Aug 2 11:43:12 2004 : Auth: Login incorrect: [00:e0:98:7f:b8:cf/00:e0:98:7f:b8:cf] (from client castle port 0 cli 0.0.0.0)
Mon Aug 2 11:43:12 2004 : Auth: Login incorrect: [00:e0:98:7f:b8:cf/00:e0:98:7f:b8:cf] (from client castle port 0 cli 0.0.0.0)
Mon Aug 2 11:43:12 2004 : Auth: Login incorrect: [00:e0:98:7f:b8:cf/00:e0:98:7f:b8:cf] (from client castle port 0 cli 0.0.0.0)
Mon Aug 2 11:43:12 2004 : Auth: Login incorrect: [00:e0:98:7f:b8:cf/00:e0:98:7f:b8:cf] (from client castle port 0 cli 0.0.0.0)
Mon Aug 2 11:43:14 2004 : Auth: Login incorrect: [00:e0:98:7f:b8:cf/00:e0:98:7f:b8:cf] (from client castle port 0 cli 0.0.0.0)
Mon Aug 2 11:43:14 2004 : Auth: Login incorrect: [00:e0:98:7f:b8:cf/00:e0:98:7f:b8:cf] (from client castle port 0 cli 0.0.0.0)
Mon Aug 2 11:43:14 2004 : Auth: Login incorrect: [00:e0:98:7f:b8:cf/00:e0:98:7f:b8:cf] (from client castle port 0 cli 0.0.0.0)
Mon Aug 2 11:43:14 2004 : Auth: Login incorrect: [00:e0:98:7f:b8:cf/00:e0:98:7f:b8:cf] (from client castle port 0 cli 0.0.0.0)
Mon Aug 2 11:43:14 2004 : Auth: Login incorrect: [00:e0:98:7f:b8:cf/00:e0:98:7f:b8:cf] (from client castle port 0 cli 0.0.0.0)
Mon Aug 2 11:43:17 2004 : Auth: Login incorrect: [00:e0:98:7f:b8:cf/00:e0:98:7f:b8:cf] (from client castle port 0 cli 0.0.0.0)

tony
08-02-2004, 01:19 PM
What form of authentication are you seeing this behaviour with (dhcp auto-auth, web-based MAC auth, or web-based login page)?

Thanks!

cdavis
08-02-2004, 01:34 PM
dhcp auto-auth

tony
08-02-2004, 01:38 PM
Thank you. This behaviour has been observed with Windows clients pounding the DHCP server, even after getting an IP. We will be implementing radius request caching for dhcp auto-auth to prevent your radius server from getting more requests than needed.

Thanks!

cdavis
08-02-2004, 01:55 PM
Thank you. I have been trying to block this mac completely with iptables with no luck, is this why?:

SUBJECT : Bug in Linux 2.4 / iptables MAC match module
SUMMARY : MAC match module does not match small packets
EFFECTS : Malicious users may bypass MAC-based DROP rules
          pcAnywhere does not function correctly if allowed by MAC address
SOLUTION : Apply the attached patch from Harald Welte, Netfilter core
           developer, or wait for the next release of the Linux kernel.
CREDITS : Harald Welte, Erick C. Jones, Netfilter team and users

cdavis
08-02-2004, 02:02 PM
Please set the cache to a user-definable timeout or only use the cache after some threshold of requests to the outside radius server is reached. My current setup has users going to the signup page if they aren't authenticated and then a bash script pulls data from MySQL every 10 minutes to create a new users file. After they sign up they are asked to reboot their computers in 15 minutes so their machine will attempt to get a new IP and will be authenticated successfully. If the hotspot only queries radius once and then caches it until reboot, etc. this method will no longer work.

tony
08-02-2004, 04:00 PM
The report you posted was back in 2001, and is not an issue with later iptables releases.

Plans are to have the system cache the radius result for a minute by default. Plans are to make this option tunable, though may not be in the initial BETA with the caching feature.
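
The caching trade-off discussed in the posts above (a one-minute default versus caching until reboot), as an added Python example that is not StarOS code and not part of the original thread. The class, the `replay` helper, the client MAC and the request pattern are all constructed for illustration; the lookup function stands in for a real RADIUS Access-Request.

```python
import time

MAC = "00:11:22:33:44:55"  # constructed client MAC, not one from the thread

class RadiusResultCache:
    """Hypothetical per-MAC cache in front of a RADIUS lookup (not StarOS code)."""

    def __init__(self, query, ttl=60.0, clock=time.monotonic):
        self.query = query          # callable(mac) -> bool, stands in for Access-Request
        self.ttl = ttl              # seconds a cached Accept/Reject stays valid
        self.clock = clock
        self.entries = {}           # mac -> (accepted, expires_at)
        self.upstream_queries = 0

    def authorize(self, mac):
        mac = mac.lower()
        now = self.clock()
        cached = self.entries.get(mac)
        if cached is not None and now < cached[1]:
            return cached[0]        # answered locally, RADIUS server not contacted
        self.upstream_queries += 1
        accepted = bool(self.query(mac))
        self.entries[mac] = (accepted, now + self.ttl)
        return accepted

def replay(ttl, request_times, enrolled_at):
    """Replay one client's DHCP auto-auth requests; return (upstream queries, last answer)."""
    now = [0.0]
    # Assumption: the users file starts listing the MAC once the periodic script has run.
    cache = RadiusResultCache(lambda mac: now[0] >= enrolled_at, ttl, lambda: now[0])
    accepted = False
    for t in request_times:
        now[0] = t
        accepted = cache.authorize(MAC)
    return cache.upstream_queries, accepted

# Constructed load: 5 requests every 2.5 s for 20 minutes; MAC enrolled at the 10 minute mark.
BURST = [i * 2.5 for i in range(480) for _ in range(5)]

if __name__ == "__main__":
    for label, ttl in (("no cache", 0.0), ("60 s TTL", 60.0), ("until reboot", float("inf"))):
        print(label, replay(ttl, BURST, enrolled_at=600.0))
```

With this constructed load the one-minute TTL cuts 2400 upstream queries to 20 and still picks up the regenerated users file, while an entry that never expires keeps returning the stale reject.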

cdavis
08-02-2004, 06:40 PM
What am I doing incorrectly?


iptables -A INPUT --match --mac-address 00:e0:98:7f:b8:cf -j LOG --log-level 6
iptables -A INPUT --match --mac-address 00:e0:98:7f:b8:cf -j DROP

tony
08-02-2004, 07:25 PM
Try this instead:
iptables -A INPUT -m mac --mac-source 00:e0:98:7f:b8:cf -j LOG --log-level 6
iptables -A INPUT -m mac --mac-source 00:e0:98:7f:b8:cf -j DROP

cdavis
08-25-2004, 12:49 PM
I am seeing this more and more and am not sure it is the client doing this. I believe this because I am running Linux on my laptop and as I am having problems with one of the buildings I looked at the logs and saw a great deal of authentication requests from my laptop's MAC.
Pasted is the radius log. The 00:0D is my redhat 9 thinkpad.



Wed Aug 25 12:12:45 2004 : Auth: Login OK: [00:03:47:ca:f5:99/00:03:47:ca:f5:99] (from client 203stoughton port 0 cli 0.0.0.0)
Wed Aug 25 12:12:45 2004 : Auth: Login OK: [00:03:47:ca:f5:99/00:03:47:ca:f5:99] (from client 203stoughton port 0 cli 0.0.0.0)
Wed Aug 25 12:12:46 2004 : Auth: Login OK: [00:03:47:ca:f5:99/00:03:47:ca:f5:99] (from client 203stoughton port 0 cli 0.0.0.0)

CLIPPED BY LONNIE

I think we get the general idea - but please don't feel the need to send those large listings in future. I would just as soon delete the entry than scroll to the bottom. Lonnie

lonnie
08-25-2004, 01:23 PM
For some reason that radius client is not seeing the response and is simply asking over and over.

What are you running for radius on the client that is doing this?

cdavis
08-25-2004, 02:27 PM
Sorry for the long log, I am only trying to be complete to resolve this problem.

Server:

freeradius-0.9.3-1
Linux version 2.4.21-9.0.1.ELsmp
Red Hat Linux 3.2.3-26

I would call the client Star-os v2.00.2 build 4346

lonnie
08-25-2004, 02:39 PM
Is there any chance I can get on this system and see it for myself? Send me the IP and password if we can do this.