Authentication failure - PEAP - MS-CHAPv2

kissg mail.gery at gmail.com
Fri Jun 19 16:36:27 CEST 2009


Problem solved! It was a routing problem... the APs are on a different
subnet than the RADIUS server. Their default gateways were set to the correct
host, that's why they could talk to the RADIUS server. The problem is that
recently we added a ppp connection to the server, which overwrote the
default route, that way rendering the APs invisible... adding a route entry
to the routing table solved the problem.

Thank you for your help, anyways.

Regards
Gergely Kiss

2009/6/16 kissg <mail.gery at gmail.com>

> It's getting even more interesting: using the same configuration, but with
> another access point (same model and firmware version): works flawlessly.
> There are only two differences between the setups:
> - In the test environment, the AP is located near to the test machine (it
> was placed about 5-6 meters from the AP, no walls between)
> - We didn't configure VLANs on the test AP.
>
> I have a feeling that the AP refuses the connection because some kind of
> privilege checking fails (the client is not privileged to access the
> required VLAN). Does FreeRADIUS configuration need anything special if the
> AP is configured for multiple VLANs?
>
> The VLAN configuration looks like this in the live environment:
>
> VLAN4 - Private vlan, the radius server is located here and an
> EAP-protected SSID is mapped to this VLAN
> VLAN5 - Public vlan, mapped to an open SSID
> VLAN6 - Management vlan - untagged - we configure the APs using this VLAN
>
> Probably the LDAP server has to provide some extra attribute which grants
> access to VLAN4, but I'm not sure. Could you please help?
>
> Thank you
>
> Gergely Kiss