Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

How to debug Authentication source

  • 1.  How to debug Authentication source

    Posted May 21, 2015 11:31 AM

    Hi,

    Is there any way of enabling debugging of the use of an authentication source? I've created one that performs a simple mysql query to determine if a client is a locally managed machine ( select count(*) from mac_addresses where mac_address="%{Radius:IETF:Calling-Station-Id}" and  device_type_ptr=11).

     

    When I use this in a WPA2-Enterprise service for a wireless lan, everything works and I can assign a local role via a role mapping (UoY Managed Machine)  if count(*)=1.

     

    I've just set up a similar service for wired authentication and everything almost works :-((  Even though I've specified the auth source and the db entry has the correct stuff in it, I don't seem to get the expected response ( count(*) = 0). I've triple-checked the db contents and compared the 2 services but can't see what's going wrong.

     

    I'd like to see what CPPM is doing when it invokes the auth source, keeping any other debugging to a minimum if possible. Is this doable?

     

    Rgds

    Alex



  • 2.  RE: How to debug Authentication source

    EMPLOYEE
    Posted May 21, 2015 11:41 AM
    Is the MAC address the same format for both wired and wireless in the
    calling-station-id?


  • 3.  RE: How to debug Authentication source

    Posted May 21, 2015 11:45 AM

    Yup, we've standardised on upper case hex pairs delimited by "-". Looking at the RADIUS inbound access request I can see it's in the correct format.

     

    At this moment I don't know if it's actually calling the db, or passing the wrong info.



  • 4.  RE: How to debug Authentication source

    EMPLOYEE
    Posted May 21, 2015 11:48 AM
    Might be best to work with TAC to get the logs. You can turn on debugging
    for the policy engine, but then you have to package up the logs. They can be
    difficult to navigate.


  • 5.  RE: How to debug Authentication source

    Posted May 21, 2015 03:26 PM

    If you are using MySQL you could also (temporarily) enable query logging, see: http://stackoverflow.com/questions/6479107/how-to-enable-mysql-query-log
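
The temporary query logging suggested in the last reply, written out as an added example that is not part of the original thread. It assumes an account allowed to set global variables on the MySQL server the authentication source points at; the table name `mac_addresses` is taken from the query in the first post.

```sql
-- Added example: temporary MySQL general query logging, to see exactly what
-- the authentication source sends. The general log records every statement
-- from every client, so keep the window short and restore settings after.

-- 1. Note the current settings so they can be restored in step 5.
SELECT @@GLOBAL.general_log AS general_log,
       @@GLOBAL.log_output  AS log_output;

-- 2. Log to the mysql.general_log table and switch logging on.
SET GLOBAL log_output  = 'TABLE';
SET GLOBAL general_log = 'ON';

-- 3. Trigger one wireless and one wired authentication for the same client.

-- 4. Pull only the statements that touch the table from the thread's query.
--    No row for the wired attempt: the auth source was never invoked.
--    Row present: compare the literal MAC that was substituted for
--    %{Radius:IETF:Calling-Station-Id} between the two attempts.
--    (Earlier runs of this SELECT also match, since they contain the name.)
SELECT event_time,
       user_host,
       command_type,
       CONVERT(argument USING utf8mb4) AS statement
FROM   mysql.general_log
WHERE  CONVERT(argument USING utf8mb4) LIKE '%mac_addresses%'
ORDER  BY event_time;

-- 5. Switch logging off and put back the values noted in step 1
--    ('FILE' is the MySQL default for log_output).
SET GLOBAL general_log = 'OFF';
SET GLOBAL log_output  = 'FILE';

-- 6. Optional: discard the captured statements once they have been reviewed.
TRUNCATE TABLE mysql.general_log;
```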