Freeradius to authenticate 802.1x wireless user in Cisco WLC Controller

Fatih Naufal fatih.avila at gmail.com
Mon Jun 12 11:00:18 CEST 2017


First of all I want to apologize for my bad English / grammar. I'm a new user
(noob) to FreeRADIUS, and I'm currently working on an 802.1x wireless
authentication project, referring to this source:
http://www.ebbmar.com/?p=277

I have configured all of the steps but I still can't log in to the SSID that
I've configured with WPA+WPA2 and 802.1x auth key in the controller.

Here's my freeradius -fxxX debug when I tried to log in to my SSID:
Mon Jun 12 15:35:18 2017 : Debug: (0) Received Access-Request Id 76 from
172.30.254.3:56712 to 172.29.174.12:1812 length 264
Mon Jun 12 15:35:18 2017 : Debug: (0)   User-Name = "bob"
Mon Jun 12 15:35:18 2017 : Debug: (0)   Chargeable-User-Identity = 0x03
Mon Jun 12 15:35:18 2017 : Debug: (0)   Location-Capable = Civix-Location
Mon Jun 12 15:35:18 2017 : Debug: (0)   Calling-Station-Id =
"74-c6-3b-c9-c0-05"
Mon Jun 12 15:35:18 2017 : Debug: (0)   Called-Station-Id =
"58-ac-78-ee-8a-20:802.1x"
Mon Jun 12 15:35:18 2017 : Debug: (0)   NAS-Port = 1
Mon Jun 12 15:35:18 2017 : Debug: (0)   Cisco-AVPair = "audit-session-id=
03fe1eac0013ad70f0513e59"
Mon Jun 12 15:35:18 2017 : Debug: (0)   Acct-Session-Id =
"593e51f0/74:c6:3b:c9:c0:05/397562"
Mon Jun 12 15:35:18 2017 : Debug: (0)   NAS-IP-Address = 172.30.254.3
Mon Jun 12 15:35:18 2017 : Debug: (0)   NAS-Identifier = "IPB-WLC-5520"
Mon Jun 12 15:35:18 2017 : Debug: (0)   Airespace-Wlan-Id = 69
Mon Jun 12 15:35:18 2017 : Debug: (0)   Service-Type = Framed-User
Mon Jun 12 15:35:18 2017 : Debug: (0)   Framed-MTU = 1300
Mon Jun 12 15:35:18 2017 : Debug: (0)   NAS-Port-Type = Wireless-802.11
Mon Jun 12 15:35:18 2017 : Debug: (0)   Tunnel-Type:0 = VLAN
Mon Jun 12 15:35:18 2017 : Debug: (0)   Tunnel-Medium-Type:0 = IEEE-802
Mon Jun 12 15:35:18 2017 : Debug: (0)   Tunnel-Private-Group-Id:0 = "403"
Mon Jun 12 15:35:18 2017 : Debug: (0)   EAP-Message = 0x0206000801626f62
Mon Jun 12 15:35:18 2017 : Debug: (0)   Message-Authenticator =
0x1ea56623b5daa166a71a53059bb1f941
Mon Jun 12 15:35:18 2017 : Debug: (0) session-state: No State attribute
Mon Jun 12 15:35:18 2017 : Debug: (0) # Executing section authorize from
file /etc/freeradius/3.0/sites-enabled/default
Mon Jun 12 15:35:18 2017 : Debug: (0)   authorize {
Mon Jun 12 15:35:18 2017 : Debug: (0)     policy filter_username {
Mon Jun 12 15:35:18 2017 : Debug: (0)       if (&User-Name) {
Mon Jun 12 15:35:18 2017 : Debug: (0)       if (&User-Name)  -> TRUE
Mon Jun 12 15:35:18 2017 : Debug: (0)       if (&User-Name)  {
Mon Jun 12 15:35:18 2017 : Debug: (0)         if (&User-Name =~ /@[^@]*@/ )
{
Mon Jun 12 15:35:18 2017 : Debug: No matches
Mon Jun 12 15:35:18 2017 : Debug: (0)         if (&User-Name =~ /@[^@]*@/ )
 -> FALSE
Mon Jun 12 15:35:18 2017 : Debug: (0)         if (&User-Name =~ /\.\./ ) {
Mon Jun 12 15:35:18 2017 : Debug: No matches
Mon Jun 12 15:35:18 2017 : Debug: (0)         if (&User-Name =~ /\.\./ )
 -> FALSE
Mon Jun 12 15:35:18 2017 : Debug: (0)         if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/))  {
Mon Jun 12 15:35:18 2017 : Debug: No matches
Mon Jun 12 15:35:18 2017 : Debug: (0)         if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
Mon Jun 12 15:35:18 2017 : Debug: (0)         if (&User-Name =~ /\.$/)  {
Mon Jun 12 15:35:18 2017 : Debug: No matches
Mon Jun 12 15:35:18 2017 : Debug: (0)         if (&User-Name =~ /\.$/)   ->
FALSE
Mon Jun 12 15:35:18 2017 : Debug: (0)         if (&User-Name =~ /@\./)  {
Mon Jun 12 15:35:18 2017 : Debug: No matches
Mon Jun 12 15:35:18 2017 : Debug: (0)         if (&User-Name =~ /@\./)   ->
FALSE
Mon Jun 12 15:35:18 2017 : Debug: (0)       } # if (&User-Name)  = notfound
Mon Jun 12 15:35:18 2017 : Debug: (0)     } # policy filter_username =
notfound
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: calling
preprocess (rlm_preprocess)
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: returned
from preprocess (rlm_preprocess)
Mon Jun 12 15:35:18 2017 : Debug: (0)     [preprocess] = ok
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: calling
chap (rlm_chap)
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: returned
from chap (rlm_chap)
Mon Jun 12 15:35:18 2017 : Debug: (0)     [chap] = noop
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: calling
mschap (rlm_mschap)
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: returned
from mschap (rlm_mschap)
Mon Jun 12 15:35:18 2017 : Debug: (0)     [mschap] = noop
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: calling
digest (rlm_digest)
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: returned
from digest (rlm_digest)
Mon Jun 12 15:35:18 2017 : Debug: (0)     [digest] = noop
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: calling
suffix (rlm_realm)
Mon Jun 12 15:35:18 2017 : Debug: (0) suffix: Checking for suffix after "@"
Mon Jun 12 15:35:18 2017 : Debug: (0) suffix: No '@' in User-Name = "bob",
looking up realm NULL
Mon Jun 12 15:35:18 2017 : Debug: (0) suffix: No such realm "NULL"
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: returned
from suffix (rlm_realm)
Mon Jun 12 15:35:18 2017 : Debug: (0)     [suffix] = noop
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: calling eap
(rlm_eap)
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: Peer sent EAP Response (code 2)
ID 6 length 8
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: EAP-Identity reply, returning
'ok' so we can short-circuit the rest of authorize
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authorize]: returned
from eap (rlm_eap)
Mon Jun 12 15:35:18 2017 : Debug: (0)     [eap] = ok
Mon Jun 12 15:35:18 2017 : Debug: (0)   } # authorize = ok
Mon Jun 12 15:35:18 2017 : Debug: (0) Found Auth-Type = eap
Mon Jun 12 15:35:18 2017 : Debug: (0) # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
Mon Jun 12 15:35:18 2017 : Debug: (0)   authenticate {
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authenticate]: calling
eap (rlm_eap)
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: Peer sent packet with method EAP
Identity (1)
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: Calling submodule eap_peap to
process data
Mon Jun 12 15:35:18 2017 : Debug: (0) eap_peap: Initiating new EAP-TLS
session
Mon Jun 12 15:35:18 2017 : Debug: (0) eap_peap: [eaptls start] = request
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: Sending EAP Request (code 1) ID
7 length 6
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: EAP session adding &reply:State
= 0x8383ebeb8384f22d
Mon Jun 12 15:35:18 2017 : Debug: (0)     modsingle[authenticate]: returned
from eap (rlm_eap)
Mon Jun 12 15:35:18 2017 : Debug: (0)     [eap] = handled
Mon Jun 12 15:35:18 2017 : Debug: (0)   } # authenticate = handled
Mon Jun 12 15:35:18 2017 : Debug: (0) Using Post-Auth-Type Challenge
Mon Jun 12 15:35:18 2017 : Debug: (0) Post-Auth-Type sub-section not
found.  Ignoring.
Mon Jun 12 15:35:18 2017 : Debug: (0) # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
Mon Jun 12 15:35:18 2017 : Debug: (0) session-state: Nothing to cache
Mon Jun 12 15:35:18 2017 : Debug: (0) Sent Access-Challenge Id 76 from
172.29.174.12:1812 to 172.30.254.3:56712 length 0
Mon Jun 12 15:35:18 2017 : Debug: (0)   EAP-Message = 0x010700061920
Mon Jun 12 15:35:18 2017 : Debug: (0)   Message-Authenticator =
0x00000000000000000000000000000000
Mon Jun 12 15:35:18 2017 : Debug: (0)   State =
0x8383ebeb8384f22de75b576301d17bd2
Mon Jun 12 15:35:18 2017 : Debug: (0) Finished request
Mon Jun 12 15:35:18 2017 : Debug: Waking up in 4.9 seconds.
Mon Jun 12 15:35:18 2017 : Debug: Waking up in 9.9 seconds.
Mon Jun 12 15:35:28 2017 : Debug: (0) Cleaning up request packet ID 76 with
timestamp +107
Mon Jun 12 15:35:28 2017 : Info: Ready to process requests

Any kind of suggestion and help would be appreciated.
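
Added example (not part of the original post, and not FreeRADIUS code): a Python sketch that extracts the EAP-Message values from debug lines like those above and decodes the EAP header defined in RFC 3748, so the Identity response and the PEAP Start request in this log can be read directly. The function names are this example's own; the sample lines are copied from the log above with timestamps dropped and mail wrapping rejoined.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
TLS_FLAGS = ((0x80, "Length-included"), (0x40, "More-fragments"), (0x20, "Start"))

def decode_eap(hex_value):
    """Decode the EAP header (RFC 3748) from a 0x-prefixed hex string."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.lower().startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field %d does not fit %d bytes" % (length, len(raw)))
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:            # only Request/Response carry a Type
        eap_type, body = raw[4], raw[5:length]
        out["type"] = EAP_TYPES.get(eap_type, eap_type)
        if eap_type == 1:
            out["identity"] = body.decode("utf-8", "replace")
        elif eap_type in (13, 21, 25) and body:  # TLS-based methods start with a flags octet
            out["tls_flags"] = [name for bit, name in TLS_FLAGS if body[0] & bit]
    return out

PACKET_RE = re.compile(r"\b(Received|Sent) (Access-[A-Za-z]+) Id (\d+)")
EAP_RE = re.compile(r"EAP-Message = (0x[0-9A-Fa-f]+)")

def eap_from_debug(lines):
    """Return (direction, RADIUS packet type, decoded EAP) per EAP-Message line."""
    found, current = [], ("?", "?")
    for line in lines:
        m = PACKET_RE.search(line)
        if m:
            current = (m.group(1), m.group(2))
        m = EAP_RE.search(line)
        if m:
            found.append(current + (decode_eap(m.group(1)),))
    return found

# Lines copied from the debug output above (timestamps dropped, wrapping rejoined).
SAMPLE = [
    "(0) Received Access-Request Id 76 from 172.30.254.3:56712 to 172.29.174.12:1812 length 264",
    "(0)   EAP-Message = 0x0206000801626f62",
    "(0) Sent Access-Challenge Id 76 from 172.29.174.12:1812 to 172.30.254.3:56712 length 0",
    "(0)   EAP-Message = 0x010700061920",
]

if __name__ == "__main__":
    for direction, packet, eap in eap_from_debug(SAMPLE):
        print(direction, packet, eap)
```

An EAP packet that is split across several EAP-Message attributes has to be concatenated before decoding; this sketch raises ValueError on a lone fragment.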