<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style>
<!--
@font-face
        {font-family:SimSun}
@font-face
        {font-family:"Cambria Math"}
@font-face
        {font-family:Calibri}
@font-face
        {font-family:SimSun}
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
        {color:#0563C1;
        text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
        {color:#954F72;
        text-decoration:underline}
span.EmailStyle17
        {font-family:"Calibri","sans-serif";
        color:windowtext}
span.EmailStyle18
        {font-family:"Calibri","sans-serif";
        color:#1F497D}
span.EmailStyle19
        {font-family:"Calibri","sans-serif";
        color:#1F497D}
.MsoChpDefault
        {font-size:10.0pt}
@page WordSection1
        {margin:1.0in 1.25in 1.0in 1.25in}
div.WordSection1
        {}
-->
</style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hey guys,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I want to implement the Cisco WLC 5508 to FreeRadius server, basically the FreeRadius Server is integrate with LDAP.</p>
<p class="MsoNormal">The connection will look like diagram below,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">WLC 5508 --------> FreeRadius (Integrated LDAP)</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The connection between WLC 5508 to FreeRadius is using EAP.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I got an errors while doing the test, the errors are below, </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><i><span style="color:#203864">+- entering group authorize {...}</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">[ldap] performing user authorization for evening</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">[ldap]    expand: %{Stripped-User-Name} ->
</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">[ldap]    ... expanding second conditional</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">[ldap]    expand: %{User-Name} -> evening</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">[ldap]    expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=evening)</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">[ldap]    expand: dc=fng,dc=fnf,dc=local -> dc=fng,dc=fnf,dc=local</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">  [ldap] ldap_get_conn: Checking Id: 0</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">  [ldap] ldap_get_conn: Got Id: 0</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">  [ldap] performing search in dc=fng,dc=fnf,dc=local, with filter (uid=evening)</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">[ldap] looking for check items in directory...</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">[ldap] looking for reply items in directory...</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">[ldap] user evening authorized to use remote access</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">  [ldap] ldap_release_conn: Release Id: 0</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">++[ldap] returns ok</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">[eap] EAP packet type response id 1 length 12</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">[eap] No EAP Start, assuming it's an on-going EAP conversation</span></i></p>
<p class="MsoNormal"><i> </i></p>
<p class="MsoNormal">I also getting this Accept-Challenge and Accept-Request, see the errors below,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><i><span style="color:#203864">++[eap] returns handled</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">Sending Access-Challenge of id 153 to 10.201.65.241 port 32769</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                EAP-Message = 0x010200061920</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                Message-Authenticator = 0x00000000000000000000000000000000</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                State = 0x7acc1b267ace021e658dc33386efc594</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">Finished request 5.</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">Going to the next request</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">Waking up in 4.9 seconds.</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">rad_recv: Access-Request packet from host 10.201.65.241 port 32769, id=154, length=347</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                User-Name = "evening"</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                Calling-Station-Id = "00-23-12-11-6f-c5"</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                Called-Station-Id = "ec-c8-82-ab-03-10:FNTest"</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                NAS-Port = 1</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                Cisco-AVPair = "audit-session-id=0ac941f10001e76252a7e42a"</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                NAS-IP-Address = 10.201.65.241</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                NAS-Identifier = "F&N_COM_WLC5508_2"</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                Airespace-Wlan-Id = 3</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                Service-Type = Framed-User</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                Framed-MTU = 1300</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                NAS-Port-Type = Wireless-802.11</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                Tunnel-Type:0 = VLAN</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                Tunnel-Medium-Type:0 = IEEE-802</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                Tunnel-Private-Group-Id:0 = "10"</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                EAP-Message = 0x0202006d198000000063160301005e0100005a030152a7e33ffc9ad76b67fac2d1ba43bfca99c29126ee731235c001ea8bfdf4bd32000018002f00350005000ac013c014c009c00a003200380013000401000019ff01000100000a0006000400170018000b0002010000230000</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                State = 0x7acc1b267ace021e658dc33386efc594</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864">                Message-Authenticator = 0x59835b7747b9a7654512b48586a132a5</span></i></p>
<p class="MsoNormal"><i><span style="color:#203864"> </span></i></p>
<p class="MsoNormal"><b> </b></p>
<p class="MsoNormal">What are the possibility that the authentication failed between Cisco WLC to FreeRadius??</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Hope you guys can assist me on this particular issues.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Really appreciate it for your help.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thanks & Regards,</p>
<p class="MsoNormal">Weng Chee</p>
</div>
DISCLAIMER: This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to which they are addressed. If you are not the intended recipient or the person responsible, be advised that you have
 received this e-mail in error and that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately notify us. Thank you.
</body>
</html>