Freeradius unable to configure with Kerberos on RHEL 5.5

Uzee uzee007 at yahoo.com
Thu Sep 18 15:00:07 CEST 2014


Hi All,
I've also registered at http://freeradius.1045715.n5.nabble.com/Users-f2740693.html but I don't see my message there, though it is visible on the lists page.
I know the mailing lists are a great way for people to get and give help.

Just don't know how and when should I follow up on my issue.

Thanks 
-uzee



On Thursday, September 18, 2014 12:09 AM, Uzee <uzee007 at yahoo.com> wrote:
Tried adding the kerberos realm to proxy.conf realm section.... still no luck.







On Wednesday, September 17, 2014 2:24 PM, Uzee <uzee007 at yahoo.com> wrote:
Hi,

I inherited freeradius 1.1.3 on RHEL 5.5 working with our kerberos and first tried to understand how it was setup but looking at the freeradius site and docs I decided that I should really upgrade.
Removed freeradius, installed via yum: freeradius2-2.1.12-5.el5, freeradius2-utils-2.1.12-5.el5, freeradius2-krb5-2.1.12-5.el5
Followed http://lists.freeradius.org/pipermail/freeradius-users/2012-December/064375.html and was able to do a localhost radtest successfully using my actual username and password, which confirmed to me that radius was authenticating correctly via our kerberos server. However when I try with an actual wireless network, it doesn't work. I've also looked at https://www.eduroam.us/node/45 and tried to follow that except for the proxy stuff, I'm not sure if that is needed.

Here are my configs:
/etc/raddb/modules/krb5:
krb5 { 
        keytab = /etc/krb5.keytab 
        service_principal = myserver/myserver.domain 
} 

Added kerberos after pap in /etc/raddb/sites-available/default:
authenticate { 
        # 
        #  PAP authentication, when a back-end database listed 
        #  in the 'authorize' section supplies a password.  The 
        #  password can be clear-text, or encrypted. 
        Auth-Type PAP { 
                pap 
        } 
        # 
        # Kerberos stuff 
        Auth-Type Kerberos { 
                krb5 
        } 
Similarly added kerberos in /etc/raddb/sites-available/inner-tunnel:

authenticate { 
        # 
        #  PAP authentication, when a back-end database listed 
        #  in the 'authorize' section supplies a password.  The 
        #  password can be clear-text, or encrypted. 
        Auth-Type PAP { 
                pap 
        } 
        # Kerberos stuff 
        Auth-Type Kerberos { 
                krb5 
        } 

Modified eap.conf to:

default_eap_type = ttls
copy_request_to_tunnel = yes
use_tunneled_reply = yes 

Added as first entry to users file:

DEFAULT Auth-Type = Kerberos 
        Fall-Through = 1 

Added our Aruba controller to clients.conf:
client ARUBA { 
        ipaddr = x.x.x.x
        secret          = mysecret 
        shortname       = myssid
} 


Ran radiusd -xxx, here's the log:

Wed Sep 17 04:29:25 2014 : Debug: Re-wait 4 
Wed Sep 17 04:29:25 2014 : Debug: Re-wait 3 
Wed Sep 17 04:29:25 2014 : Debug: Listening on authentication address * port 1812 
Wed Sep 17 04:29:25 2014 : Debug: Listening on accounting address * port 1813 
Wed Sep 17 04:29:25 2014 : Debug: Listening on command file /var/run/radiusd/radiusd.sock 
Wed Sep 17 04:29:25 2014 : Debug: Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel 
Wed Sep 17 04:29:25 2014 : Debug: Listening on proxy address * port 1814 
Wed Sep 17 04:29:25 2014 : Info: Ready to process requests. 
Wed Sep 17 04:29:25 2014 : Debug: Re-wait 2 
Wed Sep 17 04:30:19 2014 : Debug: Threads: total/active/spare threads = 5/0/5 
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds. 
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 got semaphore 
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 handling request 0, (1 handled so far) 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} 
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok 
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxxx", looking up realm NULL 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" 
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 1 length 11 
Wed Sep 17 04:30:19 2014 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns updated 
Wed Sep 17 04:30:19 2014 : Info: [files] users: Matched entry DEFAULT at line 143 
Wed Sep 17 04:30:19 2014 : Info: ++[files] returns ok 
Wed Sep 17 04:30:19 2014 : Info: ++[expiration] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[logintime] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this. 
Wed Sep 17 04:30:19 2014 : Info: ++[pap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP 
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP Identity 
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type tls 
Wed Sep 17 04:30:19 2014 : Info: [tls] Initiate 
Wed Sep 17 04:30:19 2014 : Info: [tls] Start returned 1 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled 
Wed Sep 17 04:30:19 2014 : Info: Finished request 0. 
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request 
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 waiting to be assigned a request 
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds. 
Wed Sep 17 04:30:19 2014 : Debug: Thread 5 got semaphore 
Wed Sep 17 04:30:19 2014 : Debug: Thread 5 handling request 1, (1 handled so far) 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} 
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok 
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" 
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 2 length 166 
Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup. 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok 
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP 
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} 
Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls 
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate 
Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS 
Wed Sep 17 04:30:19 2014 : Debug:   TLS Length 156 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Length Included 
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 11 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     (other): before/accept initialization 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: before/accept initialization 
Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 Handshake [length 0097], ClientHello 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: SSLv3 read client hello A 
Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: SSLv3 write server hello A 
Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: SSLv3 write certificate A 
Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: SSLv3 write server done A 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: SSLv3 flush data 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: Need to read more data: SSLv3 read client certificate A 
Wed Sep 17 04:30:19 2014 : Debug: In SSL Handshake Phase 
Wed Sep 17 04:30:19 2014 : Debug: In SSL Accept mode 
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled 
Wed Sep 17 04:30:19 2014 : Info: Finished request 1. 
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request 
Wed Sep 17 04:30:19 2014 : Debug: Thread 5 waiting to be assigned a request 
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds. 
Wed Sep 17 04:30:19 2014 : Debug: Thread 4 got semaphore 
Wed Sep 17 04:30:19 2014 : Debug: Thread 4 handling request 2, (1 handled so far) 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} 
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok 
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" 
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 3 length 6 
Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup. 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok 
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP 
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} 
Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls 
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate 
Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Received TLS ACK 
Wed Sep 17 04:30:19 2014 : Info: [ttls] ACK handshake fragment handler 
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 1 
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled 
Wed Sep 17 04:30:19 2014 : Info: Finished request 2. 
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request 
Wed Sep 17 04:30:19 2014 : Debug: Thread 4 waiting to be assigned a request 
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds. 
Wed Sep 17 04:30:19 2014 : Debug: Thread 3 got semaphore 
Wed Sep 17 04:30:19 2014 : Debug: Thread 3 handling request 3, (1 handled so far) 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} 
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok 
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" 
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 4 length 6 
Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup. 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok 
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP 
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} 
Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls 
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate 
Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Received TLS ACK 
Wed Sep 17 04:30:19 2014 : Info: [ttls] ACK handshake fragment handler 
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 1 
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled 
Wed Sep 17 04:30:19 2014 : Info: Finished request 3. 
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request 
Wed Sep 17 04:30:19 2014 : Debug: Thread 3 waiting to be assigned a request 
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds. 
Wed Sep 17 04:30:19 2014 : Debug: Thread 2 got semaphore 
Wed Sep 17 04:30:19 2014 : Debug: Thread 2 handling request 4, (1 handled so far) 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} 
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok 
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" 
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 5 length 253 
Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup. 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok 
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP 
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} 
Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls 
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate 
Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS 
Wed Sep 17 04:30:19 2014 : Debug:   TLS Length 326 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Length Included 
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 11 
Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: SSLv3 read client key exchange A 
Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] 
Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 Handshake [length 0010], Finished 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: SSLv3 read finished A 
Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: SSLv3 write change cipher spec A 
Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 0010], Finished 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: SSLv3 write finished A 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     TLS_accept: SSLv3 flush data 
Wed Sep 17 04:30:19 2014 : Info: [ttls]     (other): SSL negotiation finished successfully 
Wed Sep 17 04:30:19 2014 : Debug: SSL Connection Established 
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled 
Wed Sep 17 04:30:19 2014 : Info: Finished request 4. 
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request 
Wed Sep 17 04:30:19 2014 : Debug: Thread 2 waiting to be assigned a request 
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.8 seconds. 
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 got semaphore 
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 handling request 5, (2 handled so far) 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} 
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok 
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" 
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 6 length 159 
Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup. 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok 
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP 
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} 
Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list 
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls 
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate 
Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS 
Wed Sep 17 04:30:19 2014 : Debug:   TLS Length 149 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Length Included 
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 11 
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 7 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Session established.  Proceeding to decode tunneled attributes. 
Wed Sep 17 04:30:19 2014 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel 
Wed Sep 17 04:30:19 2014 : Info: +- entering group authorize {...} 
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap' 
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns ok 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL 
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" 
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[control] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [eap] No EAP-Message, not doing EAP 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: [files] users: Matched entry DEFAULT at line 143 
Wed Sep 17 04:30:19 2014 : Info: ++[files] returns ok 
Wed Sep 17 04:30:19 2014 : Info: ++[expiration] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[logintime] returns noop 
Wed Sep 17 04:30:19 2014 : Info: ++[pap] returns noop 
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = MSCHAP 
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel 
Wed Sep 17 04:30:19 2014 : Info: +- entering group MS-CHAP {...} 
Wed Sep 17 04:30:19 2014 : Info: [mschap] No Cleartext-Password configured.  Cannot create LM-Password. 
Wed Sep 17 04:30:19 2014 : Info: [mschap] No Cleartext-Password configured.  Cannot create NT-Password. 
Wed Sep 17 04:30:19 2014 : Info: [mschap] Creating challenge hash with username: xxxx 
Wed Sep 17 04:30:19 2014 : Info: [mschap] Told to do MS-CHAPv2 for xxxx with NT-Password 
Wed Sep 17 04:30:19 2014 : Info: [mschap] FAILED: No NT/LM-Password.  Cannot perform authentication. 
Wed Sep 17 04:30:19 2014 : Info: [mschap] FAILED: MS-CHAP2-Response is incorrect 
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns reject 
Wed Sep 17 04:30:19 2014 : Info: Failed to authenticate the user. 
Wed Sep 17 04:30:19 2014 : Info: [ttls] Got tunneled Access-Reject 
Wed Sep 17 04:30:19 2014 : Info: [eap] Handler failed in EAP/ttls 
Wed Sep 17 04:30:19 2014 : Info: [eap] Failed in EAP select 
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns invalid 
Wed Sep 17 04:30:19 2014 : Info: Failed to authenticate the user. 
Wed Sep 17 04:30:19 2014 : Info: Using Post-Auth-Type Reject 
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default 
Wed Sep 17 04:30:19 2014 : Info: +- entering group REJECT {...} 
Wed Sep 17 04:30:19 2014 : Info: [attr_filter.access_reject]    expand: %{User-Name} -> xxxx 
Wed Sep 17 04:30:19 2014 : Debug: attr_filter: Matched entry DEFAULT at line 11 
Wed Sep 17 04:30:19 2014 : Info: ++[attr_filter.access_reject] returns updated 
Wed Sep 17 04:30:19 2014 : Info: Delaying reject of request 5 for 1 seconds 
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request 
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 waiting to be assigned a request 
Wed Sep 17 04:30:20 2014 : Info: Sending delayed reject for request 5 
Wed Sep 17 04:30:20 2014 : Debug: Waking up in 3.8 seconds. 
Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 0 ID 57 with timestamp +54 
Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 1 ID 58 with timestamp +54 
Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 2 ID 59 with timestamp +54 
Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 3 ID 60 with timestamp +54 
Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 4 ID 61 with timestamp +54 
Wed Sep 17 04:30:24 2014 : Debug: Waking up in 1.0 seconds. 
Wed Sep 17 04:30:25 2014 : Info: Cleaning up request 5 ID 62 with timestamp +54 
Wed Sep 17 04:30:25 2014 : Info: Ready to process requests. 

The wireless network is served from an Aruba controller which works fine with a windows radius server using AD authentication (for a diff SSID)

I can't say that I have looked through the list messages entirely but have spent reasonable time looking at different threads and reading radius docs, if I have still missed something obvious I apologize in advance.


Any help/suggestion/advice would be greatly appreciated. 

Thanks 
-uzee


More information about the Freeradius-Users mailing list