Alexander Kulbiy wrote:
I'm trying to configure RADIUS server that would be used for authentication of users in Wi-Fi network with WPA-enterprise encryption. To do this I'm trying to use EAP + LDAP inside of freeradius. The problem is that I see in log:
You edited the default configuration and broke it. Don't do that.
ttls] Sending tunneled request User-Name = "alexander.duts" MS-CHAP-Challenge = 0xa6d98f587da2024f7a6513f2e991d261 MS-CHAP2-Response = 0x7a004794198aef4fbcb66d3e389079ed41560000000000000000fa8c2cdf0c49219574c0826b377c9d6ca977ece95f465ae4 FreeRADIUS-Proxied-To = 127.0.0.1 server { # Executing section authorize from file /etc/freeradius/sites-enabled/default
This is catastrophically broken. WHY did you edit the TTLS configuration and break it?
ttls { default_eap_type = "gtc" copy_request_to_tunnel = no use_tunneled_reply = no include_length = yes }
It SHOULD have: virtual_server = "inner-tunnel" You deleted that. That's wrong. And you broke more, too: ...
[ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=People,dc=wildix,dc=local, with filter (cn=alexander.duts) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{MD5}ibKj45B56xWdI2wgngTn5A==" [ldap] looking for reply items in directory... [ldap] user alexander.duts authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ERROR: No authenticate method (Auth-Type) found for the request:
The last error is produced by the server core when it can't find an Auth-Type for the user. The *previous* line SHOULD HAVE BEEN the "pap" module. You deleted that from the file raddb/sites-enabled/default. Why?
Does anyone have idea what could be the problem?
You did a lot of work to break the server. Don't do that. The default configuration works. Change as little as possible. If you don't understand something, don't change it. Alan DeKok.