OpenLDAP and FreeRadius Auth
alex at c2company.com
Tue Aug 12 08:57:43 CEST 2014
Thanks for the reply.
I did have that in there but removed it trying to force it. I will change it back and play with it again tomorrow.
On Aug 11, 2014 11:50 PM, Alan DeKok <aland at deployingradius.com> wrote:
Alex Gregory wrote:
> I have done lots of searching and through some archived messages from this list made some good progress. Reading these messages I have determined that since I have md5 hashed passwords in my openldap database I need to use PAP + TTLS. I have read and performed the radtests at the top of the inner-tunnel config file with successful auths. Specifically, I ran the following successfully:
> radtest -t pap USER PASSWORD 127.0.0.1:18120 0 testing123
> My problem comes when I try to authenticate a wireless device against the network. I enter the username and password in the dialog (cisco WLC and Mac OSX Client) and get the following from the freeradius debug output. I think its trying to do a form of authentication that I do not want hence why I am getting "No Authenticate method found for request". Any guidance would be greatly appreciated. If you need me to supply config files I can do that. Thank you ahead of time for taking the time to read this:
You edited the configuration files and broke them. Don't do that.
> Tue Aug 12 00:42:07 2014 : Info: [ttls] Sending tunneled request
> User-Name = "alexgregory"
> MS-CHAP-Challenge = 0x63617d3c0b66a7d44fc7f62af61cceb2
> MS-CHAP2-Response = 0x1c002eb87c02bede7f0934cda0f7765cfaac0000000000000000c2ab1c939dc610def7acbdc979e03d9ad581c505618bf99f
> FreeRADIUS-Proxied-To = 127.0.0.1
> Chargeable-User-Identity = ""
> Location-Capable = Civix-Location
> Calling-Station-Id = "78-31-c1-be-89-a8"
> Called-Station-Id = "d4-a0-2a-15-7f-00:C2_Test"
> NAS-Port = 4
> Cisco-AVPair = "audit-session-id=0a2100820000057653e962bb"
> NAS-IP-Address = 10.33.0.130
> NAS-Identifier = "inWebo"
> Airespace-Wlan-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-802.11
The supplicant is using TTLS with MS-CHAP inside of the TLS tunnel.
You edited the "inner-tunnel" virtual server, and deleted "mschap" from
it. Put it back.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users