Authentication with: login, password, SSID

ludovic cailleau ludoviccailleau at yahoo.fr
Fri Apr 21 13:49:40 CEST 2006


Good morning,
   
  I wish to set up 802.11x authentication for a wireless network. 
  I use a Symbol wireless switch, and FreeRADIUS under Fedora 5.
   
  The authentication will have to verify 3 parameters: the login, the password, and the SSID. 
  The Symbol switch transmits the SSID with the Vendor Specific Attribute (Symbol-SSID). 
  I then created a FreeRADIUS dictionary for this attribute (Symbol-SSID). 
   
  #
  # dictionary.symbol
  #
  VENDOR            Symbol       388   
  ATTRIBUTE   Symbol-SSID        2     string            Symbol  
   
   
  I use the users file of FreeRADIUS.
  To validate the authentication I use the entry:
   
  "vlan4"      Auth-Type := eap, User-Password == "vlan4", Symbol-SSID == 'CRTguest'
              Reply-Message = "Hello, %u" 
   
   
  I start FreeRADIUS, and when I try to connect with a client PC I am rejected. 
  The logs show: 
   
  Fri Apr 21 09:01:34 2006 : Info: Using deprecated naslist file.   Support for this will go away soon.
  Fri Apr 21 09:01:34 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? 
  Fri Apr 21 09:01:34 2006 : Info: Ready to process requests. 
  Fri Apr 21 09:01:49 2006 : Info: rlm_eap_tls:   Length Included
  Fri Apr 21 09:01:49 2006 : Error:      TLS_accept:error in SSLv3 read client certificate A 
  Fri Apr 21 09:01:49 2006 : Info: rlm_eap_tls: Received EAP-TLS ACK message 
  Fri Apr 21 09:01:49 2006 : Info: rlm_eap_tls:   Length Included
  Fri Apr 21 09:01:49 2006 : Info:      (other): SSL negotiation finished successfully 
  Fri Apr 21 09:01:49 2006 : Info: rlm_eap_tls: Received EAP-TLS ACK message 
  Fri Apr 21 09:01:50 2006 : Info: rlm_eap_mschapv2: Issuing Challenge 
  Fri Apr 21 09:01:50 2006 : Auth: Login incorrect: [vlan4/<no User-Password attribute>] (from client localhost port 0) 
  Fri Apr 21 09:01:50 2006 : Auth: Login incorrect: [vlan4/<no User-Password attribute>] (from client symbol port 29 cli 00:11:F5:3A:DC:37) 
  Fri Apr 21 09:01:52 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request 
  Fri Apr 21 09:01:52 2006 : Auth: Login incorrect: [vlan4/<no User-Password attribute>] (from client symbol port 29 cli 00:11:F5:3A:DC:37) 
  Fri Apr 21 09:01:54 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request  
  Fri Apr 21 09:01:54 2006 : Auth: Login incorrect: [vlan4/<no User-Password attribute>] (from client symbol port 29 cli 00:11:F5:3A:DC:37) 
   
   
  But if I delete the VSA Symbol-SSID, I can connect.
   
  Thank you for your help.

  -- 
  Ludovic
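
Added example, not part of the original post and not FreeRADIUS code: how the Symbol-SSID attribute from the dictionary above (vendor 388, attribute 2, string) is carried inside a RADIUS Vendor-Specific attribute (type 26, RFC 2865), with length checks on decode. It assumes the RFC 2865 recommended sub-attribute layout (one-byte type, one-byte length); the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26          # RFC 2865 attribute type for VSAs
SYMBOL_VENDOR_ID = 388        # "VENDOR Symbol 388" in the post's dictionary
SYMBOL_SSID = 2               # "ATTRIBUTE Symbol-SSID 2 string"


def encode_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute carrying a single sub-attribute."""
    # Assumed layout: 1-byte vendor type, 1-byte vendor length, then the data.
    sub = bytes([vendor_type, 2 + len(value)]) + value
    body = struct.pack("!I", vendor_id) + sub
    if 2 + len(body) > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body


def iter_attributes(data):
    """Yield (type, value) for each top-level attribute, rejecting bad lengths."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length")
        yield attr_type, data[pos + 2:pos + length]
        pos += length


def find_symbol_ssid(data):
    """Return the SSID string from a Symbol-SSID VSA, or None if absent."""
    for attr_type, value in iter_attributes(data):
        if attr_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        (vendor_id,) = struct.unpack("!I", value[:4])
        if vendor_id != SYMBOL_VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2:
            sub_type, sub_len = sub[0], sub[1]
            if sub_len < 2 or sub_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if sub_type == SYMBOL_SSID:
                return sub[2:sub_len].decode("ascii")
            sub = sub[sub_len:]
    return None


# Constructed sample: User-Name (type 1) "vlan4" followed by the SSID VSA.
SAMPLE = bytes([1, 7]) + b"vlan4" + encode_vsa(SYMBOL_VENDOR_ID, SYMBOL_SSID, b"CRTguest")
```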


		