freeradius eap-ttls pap ldap

emmcosta emmcosta at gmail.com
Mon Jun 11 12:04:35 CEST 2007


tnt at kalik.co.yu wrote:
> Does securew2 support EAP-GTC?
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 8/6/2007, "emmcosta" <emmcosta at gmail.com> wrote:
>
>   
>> Hi everyone,
>>
>> I have a problem with my configuration: authorize is OK but
>> authentication fails. I use freeradius 1.1.6 and openldap 2.2.13, and use
>> Windows XP for the client with securew2.
>> My access point is a Cisco Aironet 1100.
>>
>> My radiusd.conf:
>>
>> ...........
>>        ldap {
>>                server = "localhost"
>>                identity = "cn=root,dc=teste,dc=pt"
>>                password = secret
>>                basedn = "dc=teste,dc=pt"
>>                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>>                base_filter = "(objectclass=radiusprofile)"
>>                start_tls = no
>>                access_attr = "uid"
>>                dictionary_mapping = ${raddbdir}/ldap.attrmap
>>                ldap_connections_number = 5
>>                password_attribute = userPassword
>>                timeout = 4
>>                timelimit = 3
>>                net_timeout = 1
>>                 set_auth_type = no
>>        }
>> ...............
>> authorize {
>>            preprocess
>>           ldap
>>           pap
>> }
>>
>> authenticate{
>>        Auth-Type PAP {
>>                pap
>>        }
>>        Auth-Type LDAP {
>>                ldap
>>        }
>>        eap
>>
>> }
>>
>> My eap.conf:
>>
>> eap{
>>                default_eap_type = ttls
>>                timer_expire     = 60
>>                ignore_unknown_eap_types = no
>>                cisco_accounting_username_bug = yes
>>                md5 {
>>                }
>>                leap {
>>                }
>>                gtc {
>>                        auth_type = PAP
>>                }
>>                tls {
>>                        private_key_password = whatever
>>                        private_key_file = ${raddbdir}/certs/cert-srv.pem
>>
>>                        #  If Private key & Certificate are located in
>>                        #  the same file, then private_key_file &
>>                        #  certificate_file must contain the same file
>>                        #  name.
>>                        certificate_file = ${raddbdir}/certs/cert-srv.pem
>>
>>                        #  Trusted Root CA list
>>                        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
>>
>>                        dh_file = ${raddbdir}/certs/dh
>>                        random_file = ${raddbdir}/certs/random
>>             }
>>                ttls {
>>                        default_eap_type = gtc
>>                        use_tunneled_reply = yes
>>                }
>> }
>>
>> The log:
>>
>> .............
>> rlm_ldap: - authorize
>> rlm_ldap: performing user authorization for user_test
>> radius_xlat:  '(uid=user_test)'
>> radius_xlat:  'dc=teste,dc=pt'
>> rlm_ldap: ldap_get_conn: Checking Id: 0
>> rlm_ldap: ldap_get_conn: Got Id: 0
>> rlm_ldap: performing search in dc=teste,dc=pt, with filter (uid=user_test)
>> Waking up in 1 seconds...
>> Threads: total/active/spare threads = 5/1/4
>> rlm_ldap: checking if remote access for user_test is allowed by uid
>> rlm_ldap: Added password {CRYPT}HkDWb49nxN4Zo in check items
>> rlm_ldap: looking for check items in directory...
>> rlm_ldap: Adding userPassword as User-Password, value
>> {CRYPT}HkDWb49nxN4Zo & op=21
>> rlm_ldap: looking for reply items in directory...
>> rlm_ldap: user gilberto authorized to use remote access
>> rlm_ldap: ldap_release_conn: Release Id: 0
>>  modcall[authorize]: module "ldap" returns ok for request 2
>> rlm_pap: No clear-text password in the request.  Not performing PAP.
>>  modcall[authorize]: module "pap" returns noop for request 2
>> modcall: leaving group authorize (returns ok) for request 2
>> auth: No User-Password or CHAP-Password attribute in the request
>> auth: Failed to validate the user.
>> Login incorrect: [user_test/<no User-Password attribute>] (from client
>> 192.168.1.69 port 371 cli 0040.96a2.24f3)
>> Delaying request 2 for 1 seconds
>> Finished request 2
>> Going to the next request
>> Thread 3 waiting to be assigned a request
>> --- Walking the entire request list ---
>> Waking up in 1 seconds...
>> Threads: total/active/spare threads = 5/0/5
>> --- Walking the entire request list ---
>> Sending Access-Reject of id 121 to 192.168.1.69 port 1645
>> Waking up in 4 seconds...
>> --- Walking the entire request list ---
>> Cleaning up request 2 ID 121 with timestamp 4669d1cd
>> Nothing to do.  Sleeping until we see a request.
>>
>>
>> Can anyone help me?
>>
>> Best regards
>>
>> --
>> /emmc
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I saw in the securew2 forum that it is not free for Windows platforms.

-- 
/emmc
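
The log quoted above shows only ldap and pap running in authorize before "No User-Password or CHAP-Password attribute in the request"; in FreeRADIUS the eap module also has to be listed in authorize so that an EAP request is handed to it in authenticate. The following is an added example, not code from this thread or from FreeRADIUS (function names are hypothetical, the sample is the posted sections retyped), that checks a radiusd.conf for that mismatch:

```python
import re

# Constructed sample: the authorize/authenticate sections as posted in the thread.
POSTED_CONF = """
authorize {
    preprocess
    ldap
    pap
}

authenticate{
    Auth-Type PAP {
        pap
    }
    Auth-Type LDAP {
        ldap
    }
    eap
}
"""

def section_modules(conf, name):
    """List module names in top-level section `name`, including modules
    nested inside Auth-Type sub-blocks. Hypothetical helper."""
    m = re.search(r'^\s*' + re.escape(name) + r'\s*\{', conf, re.M)
    if not m:
        return []
    depth, i = 1, m.end()
    while i < len(conf) and depth:          # walk to the matching close brace
        depth += {'{': 1, '}': -1}.get(conf[i], 0)
        i += 1
    mods = []
    for line in conf[m.end():i - 1].splitlines():
        line = line.split('#', 1)[0].strip()   # drop comments
        if line and line != '}' and not line.endswith('{'):
            mods.append(line)
    return mods

def eap_wiring_problems(conf):
    """Report when eap is listed in only one of authorize/authenticate."""
    authz = section_modules(conf, 'authorize')
    authn = section_modules(conf, 'authenticate')
    problems = []
    if 'eap' in authn and 'eap' not in authz:
        problems.append('eap is in authenticate but not in authorize')
    if 'eap' in authz and 'eap' not in authn:
        problems.append('eap is in authorize but not in authenticate')
    return problems

if __name__ == '__main__':
    print(eap_wiring_problems(POSTED_CONF))
```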
