cisco WAP/FreeRadius/OpenLDAP

Matthew Arguin matt.arguin at currensee.com
Wed Nov 2 16:54:38 CET 2011


Something else I just found: radtest only seems to work from localhost.

[root@ops2 raddb]# radtest marguin2 r0adkill localhost 0 i6Lw7uNsG7pZDUGgxirg
Sending Access-Request of id 235 to 127.0.0.1 port 1812
         User-Name = "marguin2"
         User-Password = "r0adkill"
         NAS-IP-Address = 127.0.0.1
         NAS-Port = 0
         Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=235, length=30
         Filter-Id = "wireless"


[root@ops2 raddb]# radtest marguin2 r0adkill 192.168.10.31 0 i6Lw7uNsG7pZDUGgxirg
Sending Access-Request of id 96 to 192.168.10.31 port 1812
         User-Name = "marguin2"
         User-Password = "r0adkill"
         NAS-IP-Address = 127.0.0.1
         NAS-Port = 0
         Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 96 to 192.168.10.31 port 1812
         User-Name = "marguin2"
         User-Password = "r0adkill"
         NAS-IP-Address = 127.0.0.1
         NAS-Port = 0
         Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 96 to 192.168.10.31 port 1812
         User-Name = "marguin2"
         User-Password = "r0adkill"
         NAS-IP-Address = 127.0.0.1
         NAS-Port = 0
         Message-Authenticator = 0x00000000000000000000000000000000
radclient: no response from server for ID 96 socket 3


On 11/2/2011 10:53 AM, freeradius-users-request at lists.freeradius.org wrote:
> Today's Topics:
>
>     1. Re: Huntgroup Checking (simonm123)
>     2. Re: Need help with Freeradius and 802.1X (johnboy68)
>     3. Re: Huntgroup Checking (Ben West)
>     4. Re: cisco WAP/FreeRadius/OpenLDAP (Matthew Arguin)
>     5. Re: Need help with Freeradius and 802.1X (Alan Buxey)
>     6. Re: Need help with Freeradius and 802.1X (Alan DeKok)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 2 Nov 2011 07:07:34 -0700 (PDT)
> From: simonm123<simon.morley at me.com>
> Subject: Re: Huntgroup Checking
> To: freeradius-users at lists.freeradius.org
> Message-ID:<1320242854156-4958155.post at n5.nabble.com>
> Content-Type: text/plain; charset=us-ascii
>
> Can anyone tell me if huntgroup checking can be made to work on the group
> level, not just the user level?
>
> Thanks
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 2 Nov 2011 07:08:58 -0700 (PDT)
> From: johnboy68<tripleadad68 at yahoo.com>
> Subject: Re: Need help with Freeradius and 802.1X
> To: freeradius-users at lists.freeradius.org
> Message-ID:<1320242938352-4958157.post at n5.nabble.com>
> Content-Type: text/plain; charset=us-ascii
>
> I have ntlm_auth working.  I can auth my AD users with this command:
>
> radtest -t mschap aduser aspassword localhost 0 testing123
>
> And it works.
>
> My problem is when I configure one of my Cisco switches to do 802.1x and
> authenticate with Freeradius my Windows (Windows 7 and Vista) machines fail
> to get authorized with the Windows supplicant.  I am running Freeradius in
> debug mode and have tried to trace down where it is failing on my own but
> since I have no experience in this area I am just chasing my tail.  Is it a
> problem with PEAP, EAP, TLS?  Do I need a certificate?  I just don't know
> and if I did I wouldn't know how to configure it.  I have not been able to
> find any conclusive documentation in this area.
>
> I could put the output here of what Freeradius outputs during a connection
> attempt but since I am testing this in our production environment, I don't
> want to put that kind of information out in a public forum.
>
> Any thoughts?
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 2 Nov 2011 09:22:25 -0500
> From: Ben West<westbywest at gmail.com>
> Subject: Re: Huntgroup Checking
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID:
> 	<CADSh-SNFZJ1dOx3S1D_sVKPHxxP7GfDq-4+=2rSRLtUwbS+nTw at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> You may need to inspect whether the groupcheck query in
> mysql/dialup.conf (if you are using MySQL) looks in the huntgroup
> table.
>
> For example, this is the default query in my copy of freeRADIUS
> provided by Debian:
>
>          authorize_group_check_query = "SELECT id, groupname, attribute, \
>            Value, op \
>            FROM ${groupcheck_table} \
>            WHERE groupname = '%{Sql-Group}' \
>            ORDER BY id"
>
> Try modifying it as such:
>
>          authorize_group_check_query = "SELECT id, groupname, attribute, \
>            value, op \
>            FROM ${groupcheck_table} \
>            WHERE ( groupname = '%{Sql-Group}' \
>            OR groupname = '%{Huntgroup-Name}' ) \
>            ORDER BY id"
>
>
> On Wed, Nov 2, 2011 at 9:07 AM, simonm123<simon.morley at me.com>  wrote:
>> Can anyone tell me if huntgroup checking can be made to work on the group
>> level, not just the user level?
>>
>> Thanks
>
>

-- 
Matthew Arguin
Currensee, Inc.
54 Canal St, 4th Floor
Boston, MA 02114
(617) 986-4758 (Office)