Can't get it to work on CentOS 5.2...

Mike freerad at reproheinatz.de
Fri Jul 3 12:24:30 CEST 2009


Dear list,
after 4 days of work and lots of Google searches I'm really in need of 
some help!
My Setup:
A Centos 5.2 x86_64 box, running source installations of postfix 2.5.x 
and Dovecot Imap with domain and users stored in mysql, all with tls 
enabled. Edimax AccessPoint 7206PDg
My goal:
Allowing User authentication for iPhone and Macs with user/password
My current Setup:
<http://www.howtoforge.com/wifi-authentication-accounting-with-freeradius-on-centos5>
I've followed this as far as possible. Only one difference: I built 
freeradius 1.1.7 from source for lack of an rpm package. I've 
configured with "./configure --libdir=/usr/lib64". While it only 
complains about some missing oracle odbc and other sql stuff and I don't 
want to use sql I don't think that this will cause any problems.
Added a user, tested it locally on the box, no problems.
When trying to connect from an iPhone or OS X box with username at LOCAL 
password I can see in the output of radiusd -X that radius finds the user 
but doesn't accept him for some reason. Here is the complete output:

rad_recv: Access-Request packet from host 200.0.0.35:3072, id=111, 
length=183
	User-Name = "heinatz at LOCAL"
	NAS-IP-Address = 200.0.0.35
	NAS-Port = 0
	Called-Station-Id = "001f1f0b642d"
	Calling-Station-Id = "001cb35cbaf8"
	NAS-Identifier = "Realtek Access Point. 8181"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Service-Type = Framed-User
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x02000012016865696e61747a404c4f43414c
	Message-Authenticator = 0xdcc5aaa0f32561169a2a05d747304337
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
   modcall[authorize]: module "preprocess" returns ok for request 5
   modcall[authorize]: module "chap" returns noop for request 5
   modcall[authorize]: module "mschap" returns noop for request 5
     rlm_realm: Looking up realm "LOCAL" for User-Name = "heinatz at LOCAL"
     rlm_realm: Found realm "LOCAL"
     rlm_realm: Adding Stripped-User-Name = "heinatz"
     rlm_realm: Proxying request from user heinatz to realm LOCAL
     rlm_realm: Adding Realm = "LOCAL"
     rlm_realm: Authentication realm is LOCAL.
   modcall[authorize]: module "suffix" returns noop for request 5
   rlm_eap: EAP packet type response id 0 length 18
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 5
     users: Matched entry heinatz at line 1
   modcall[authorize]: module "files" returns ok for request 5
rlm_pap: Found existing Auth-Type, not changing it.
   modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 111 to 200.0.0.35 port 3072
	EAP-Message = 0x010100061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x3007b9dfcccdaed8744c14b1f8483417
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 200.0.0.35:3072, id=112, 
length=183
	User-Name = "heinatz at LOCAL"
	NAS-IP-Address = 200.0.0.35
	NAS-Port = 0
	Called-Station-Id = "001f1f0b642d"
	Calling-Station-Id = "001cb35cbaf8"
	NAS-Identifier = "Realtek Access Point. 8181"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Service-Type = Framed-User
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x02010012016865696e61747a404c4f43414c
	Message-Authenticator = 0x4ff89acc02de903bb99910a0da6f0be9
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
   modcall[authorize]: module "preprocess" returns ok for request 6
   modcall[authorize]: module "chap" returns noop for request 6
   modcall[authorize]: module "mschap" returns noop for request 6
     rlm_realm: Looking up realm "LOCAL" for User-Name = "heinatz at LOCAL"
     rlm_realm: Found realm "LOCAL"
     rlm_realm: Adding Stripped-User-Name = "heinatz"
     rlm_realm: Proxying request from user heinatz to realm LOCAL
     rlm_realm: Adding Realm = "LOCAL"
     rlm_realm: Authentication realm is LOCAL.
   modcall[authorize]: module "suffix" returns noop for request 6
   rlm_eap: EAP packet type response id 1 length 18
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 6
     users: Matched entry heinatz at line 1
   modcall[authorize]: module "files" returns ok for request 6
rlm_pap: Found existing Auth-Type, not changing it.
   modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 112 to 200.0.0.35 port 3072
	EAP-Message = 0x010200061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x119b990a80c7f24ac94f61626e747416
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 111 with timestamp 4a4dcc9d
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 112 with timestamp 4a4dcca2
Nothing to do.  Sleeping until we see a request.


I'm really at the end of my knowledge, please help,

Mike
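
Added example, not part of the original post: a small Python decoder for the EAP-Message hex values that radiusd -X prints, run over four lines copied from the output above. It shows that the client's packet is an Identity response and that the server's Access-Challenge carries an EAP-TTLS (type 21) Start request; the function names and SAMPLE_LOG are assumptions of this example.

```python
import re

# EAP codes (RFC 3748) and the method types relevant to this log (IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "MS-CHAPv2"}
TLS_BASED = {13, 21, 25}  # methods whose first data byte is a flags field

# Constructed sample: four lines copied from the debug output in the message above.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 200.0.0.35:3072, id=111,
	EAP-Message = 0x02000012016865696e61747a404c4f43414c
Sending Access-Challenge of id 111 to 200.0.0.35 port 3072
	EAP-Message = 0x010100061520
"""

def decode_eap(hex_value):
    """Decode one EAP packet given as the 0x... string radiusd -X prints."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes; packet too short")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        # Long EAP packets are split over several EAP-Message attributes.
        raise ValueError(f"length field {length} != {len(raw)} bytes (fragment?)")
    pkt = {"code": EAP_CODES.get(code, str(code)), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        etype, data = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(etype, str(etype))
        if etype == 1:                       # Identity: payload is the user name
            pkt["identity"] = data.decode("utf-8", "replace")
        elif etype == 3:                     # Nak: methods the peer would accept
            pkt["wanted"] = [EAP_TYPES.get(b, str(b)) for b in data]
        elif etype in TLS_BASED and data:    # TLS-based: Length/More/Start bits
            names = ((0x80, "Length"), (0x40, "More"), (0x20, "Start"))
            pkt["flags"] = [n for bit, n in names if data[0] & bit]
    return pkt

def decode_log(text):
    """Return the decoded EAP packet for every EAP-Message line in a debug log."""
    pattern = r"EAP-Message\s*=\s*(0x[0-9a-fA-F]+)"
    return [decode_eap(m) for m in re.findall(pattern, text)]

if __name__ == "__main__":
    for pkt in decode_log(SAMPLE_LOG):
        print(pkt)
```
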


