pretty clear: (0) ldapwifi1: Performing unfiltered search in "", scope "sub" (0) ldapwifi1: Waiting for search result... (0) ldapwifi1: The specified DN wasn't found (0) ldapwifi1: Search returned no results check your LDAP config, check the debug again to see whats coming in and then ensure that your LDAP search works on command line with whats being sent through. alan On 23 May 2018 at 21:01, Saurabh Lahoti <saurabh.astronomy@gmail.com> wrote:
Dear Alan,
Rectified the clients.conf file & added clients configuration to it. Still, authentication fails with below error:
(0) Received Access-Request Id 8 from 172.18.40.40:32774 to 192.168.154.96:1812 length 248 (0) User-Name = "wwwwww" (0) User-Password = "xxxxxx" (0) Service-Type = Login-User (0) NAS-IP-Address = 172.18.40.40 (0) NAS-Port = 13 (0) Cisco-AVPair = "audit-session-id=ac122828000653795b05b338" (0) Framed-IP-Address = 192.168.246.30 (0) Acct-Session-Id = "5b05b335/f4:0f:24:1a:89:35/447199" (0) NAS-Identifier = "BOR-WLC-01" (0) NAS-Port-Type = Wireless-802.11 (0) Airespace-Wlan-Id = 2 (0) Calling-Station-Id = "f4-0f-24-1a-89-35" (0) Called-Station-Id = "00-23-eb-26-f3-60:guest" (0) Message-Authenticator = 0x9fd55d37c61ac59b43dc5bae82c8470d (0) # Executing section authorize from file /usr/app/radius-new2/prod-corp-internal/etc/raddb/sites-enabled/wifi (0) authorize { (0) [preprocess] = ok (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "wwwwww", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) if ( Called-Station-Id =~ /:SSID_Office$/ ) { (0) if ( Called-Station-Id =~ /:SSID_Office$/ ) -> FALSE (0) elsif ( Airespace-Wlan-Id == 2 ) { (0) elsif ( Airespace-Wlan-Id == 2 ) -> TRUE (0) elsif ( Airespace-Wlan-Id == 2 ) { (0) redundant-load-balance group { rlm_ldap (ldapwifi1): Closing connection (0): Hit idle_timeout, was idle for 272 seconds rlm_ldap (ldapwifi1): You probably need to lower "min" rlm_ldap (ldapwifi1): Closing connection (1): Hit idle_timeout, was idle for 272 seconds rlm_ldap (ldapwifi1): You probably need to lower "min" rlm_ldap (ldapwifi1): Closing connection (2): Hit idle_timeout, was idle for 272 seconds rlm_ldap (ldapwifi1): You probably need to lower "min" rlm_ldap (ldapwifi1): Closing connection (3): Hit idle_timeout, was idle for 272 seconds rlm_ldap (ldapwifi1): You probably need to lower "min" rlm_ldap (ldapwifi1): Closing connection (4): Hit idle_timeout, was idle for 272 seconds rlm_ldap (ldapwifi1): You probably need to lower "min" rlm_ldap (ldapwifi1): 0 of 0 connections in use. You may need to increase "spare" rlm_ldap (ldapwifi1): Opening additional connection (5), 1 of 10 pending slots used rlm_ldap (ldapwifi1): Connecting to ldap://192.168.154.33:389 rlm_ldap (ldapwifi1): Waiting for bind result... rlm_ldap (ldapwifi1): Bind successful rlm_ldap (ldapwifi1): Reserved connection (5) (0) ldapwifi1: Performing unfiltered search in "", scope "sub" (0) ldapwifi1: Waiting for search result... (0) ldapwifi1: The specified DN wasn't found (0) ldapwifi1: Search returned no results rlm_ldap (ldapwifi1): Released connection (5) Need 4 more connections to reach min connections (5) rlm_ldap (ldapwifi1): Opening additional connection (6), 1 of 9 pending slots used rlm_ldap (ldapwifi1): Connecting to ldap://192.168.154.33:389 rlm_ldap (ldapwifi1): Waiting for bind result... rlm_ldap (ldapwifi1): Bind successful (0) [ldapwifi1] = notfound (0) } # redundant-load-balance group = notfound (0) } # elsif ( Airespace-Wlan-Id == 2 ) = notfound (0) [expiration] = noop (0) [logintime] = noop (0) } # authorize = ok (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (0) Failed to authenticate the user (0) Using Post-Auth-Type Reject (0) Post-Auth-Type sub-section not found. Ignoring. (0) # Executing group from file /usr/app/radius-new2/prod-corp-internal/etc/raddb/sites-enabled/wifi (0) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [wwwwww] (from client WLC1 port 13 cli f4-0f-24-1a-89-35) (0) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed response (0) Sent Access-Reject Id 8 from 192.168.154.96:1812 to 172.18.40.40:32774 length 20 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 8 with timestamp +272
Could you please help in rectifying missing authorization config for radius server..?
----
*Thanks & Kind Regards,* Saurabh LAHOTI. - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html