freeradius 1.0.4 and Cisco WLSE

jck-freeradius at southwestern.edu
Thu Aug 11 21:38:35 CEST 2005


I am trying to speak between my Freeradius server and a Cisco WLSE.  I am seeing
EAP timeouts while WLSE is trying to authenticate through Freeradius.

I have set up the AAA details (server, port, username, password, EAP protocol) in
the WLSE, and enabled fault tracking, so that polling is able to take place.

The WDS Master router has no problems authenticating; it is the WLSE that
I am having problems getting authenticated.

AP-70#show wlccp wnm status
WNM IP Address : 192.168.254.5 Status : NOT AUTHENTICATED
AP-70#show wlccp wds 
      MAC: 0014.6a77.1604, IP-ADDR: 192.168.254.70 , Priority: 254
      Interface BVI1, State: Administratively StandAlone - ACTIVE
      AP Count: 43  , MN Count: 9   


==
The WLSE is speaking with freeradius:
(output from tcpdump)

17:40:36.415982 IP wlse.southwestern.edu.32815 > radius.southwestern.edu.radius:  rad-access-req 132 [id 3] Attr[  User{wlseacct} NAS_ipaddr{wlse.southwestern.edu} Called_station{ABBAABBAABBA} [|radius]
17:40:36.422513 IP radius.southwestern.edu.radius > wlse.southwestern.edu.32815:  rad-access-cha 92 [id 3] Attr[  [|radius]
17:40:36.423393 IP wlse.southwestern.edu.32815 > radius.southwestern.edu.radius:  rad-access-req 125 [id 3] Attr[  User{wlseacct} NAS_ipaddr{wlse.southwestern.edu} Called_station{ABBAABBAABBA} [|radius]
17:40:42.433507 IP radius.southwestern.edu.radius > wlse.southwestern.edu.32815:  rad-access-reject 20 [id 3]
==

== 
...and the output from Freeradius

rad_recv: Access-Request packet from host 192.168.254.10:32815, id=3, length=132
        User-Name = "wlseacct"
        NAS-IP-Address = 192.168.254.10
        Called-Station-Id = "ABBAABBAABBA"
        Calling-Station-Id = "ABBAABBAABBA"
        NAS-Identifier = "Cisco Secure II"
        NAS-Port = 29
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0200000d01776c736561636374
        Message-Authenticator = 0x586aa1b877caeafd3956095cf718be31
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 180
  rlm_eap: EAP packet type response id 0 length 13
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 180
radius_xlat:  'wlseacct'
rlm_sql (sql): sql_set_user escaped user --> 'wlseacct'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'wlseacct' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'wlseacct' ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "sql" returns ok for request 180
modcall: group authorize returns updated for request 180
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 180
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 180
modcall: group authenticate returns handled for request 180
Sending Access-Challenge of id 3 to 192.168.254.10:32815
        EAP-Message = 0x010100221a0101001d10b063da2c8f5c52273cd537b0c09d69e5776c736561636374
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x8c90735921dd51b22bc8ef97379845b8
Finished request 180
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.254.10:32815, id=3, length=125
        User-Name = "wlseacct"
        NAS-IP-Address = 192.168.254.10
        Called-Station-Id = "ABBAABBAABBA"
        Calling-Station-Id = "ABBAABBAABBA"
        NAS-Identifier = "Cisco Secure II"
        NAS-Port = 29
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020300060311
        Message-Authenticator = 0x070f8a208866000f797e64be5bd48f48
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 181
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 181
radius_xlat:  'wlseacct'
rlm_sql (sql): sql_set_user escaped user --> 'wlseacct'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'wlseacct' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'wlseacct' ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 181
modcall: group authorize returns updated for request 181
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 181
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
  rlm_eap: Failed in handler
  modcall[authenticate]: module "eap" returns invalid for request 181
modcall: group authenticate returns invalid for request 181
auth: Failed to validate the user.
rad_lowerpair:  User-Name now 'wlseacct'
rad_rmspace_pair:  User-Name now 'wlseacct'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 181
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 181
radius_xlat:  'wlseacct'
rlm_sql (sql): sql_set_user escaped user --> 'wlseacct'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'wlseacct' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'wlseacct' ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'wlseacct' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 181
modcall: group authorize returns updated for request 181
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 181
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request  
rlm_eap: Failed in handler
  modcall[authenticate]: module "eap" returns invalid for request 181
modcall: group authenticate returns invalid for request 181
auth: Failed to validate the user.
Delaying request 181 for 1 seconds
Finished request 181
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 3 to 192.168.254.10:32815
Cleaning up request 181 ID 3 with timestamp 42fa8264
Nothing to do.  Sleeping until we see a request.
==

I have read in places that there are patches that may fix my issue.
Are these patches my solution, and where can I get the most recent
version?

--johnk 
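
Added example, not part of the original post: a decoder for the three EAP-Message values in the debug output above, using the RFC 3748 header layout (code, identifier, length, type), with a check that each Response answers the last Request. The type-name table is a subset of the IANA EAP registry, and the function names are illustrative.

```python
import struct

# EAP-Message values copied from the radiusd debug output in the post, in order.
EAP_MESSAGES = [
    "0200000d01776c736561636374",
    "010100221a0101001d10b063da2c8f5c52273cd537b0c09d69e5776c736561636374",
    "020300060311",
]

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# EAP method numbers from the IANA EAP registry (subset; 17 is EAP-Cisco Wireless).
TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
         17: "LEAP", 25: "PEAP", 26: "MS-CHAPv2"}


def parse_eap(hex_str):
    """Decode one EAP packet (RFC 3748 header: code, id, length, type)."""
    raw = bytes.fromhex(hex_str)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes present")
    pkt = {"code": CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        pkt["type"] = TYPES.get(raw[4], raw[4])
        data = raw[5:]
        if raw[4] == 1:      # Identity: data is the user name
            pkt["identity"] = data.decode("utf-8", "replace")
        elif raw[4] == 3:    # Nak: data lists the methods the peer will accept
            pkt["wants"] = [TYPES.get(t, t) for t in data]
    return pkt


def check_exchange(messages):
    """Return findings where a Response does not answer the last Request."""
    findings, last_req = [], None
    for m in map(parse_eap, messages):
        if m["code"] == "Request":
            last_req = m
        elif m["code"] == "Response" and last_req is not None:
            if m["id"] != last_req["id"]:
                findings.append(f"response id {m['id']} != request id {last_req['id']}")
            if m.get("type") == "Nak":
                findings.append(f"peer refused {last_req['type']}, wants {m['wants']}")
    return findings


if __name__ == "__main__":
    for hx in EAP_MESSAGES:
        print(parse_eap(hx))
    print(check_exchange(EAP_MESSAGES))
```

Decoded this way, the second request from the WLSE is an EAP Nak carrying identifier 3 in reply to a server challenge that carried identifier 1, which matches the "EAP-response to an unknown EAP-request" line in the log.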