Can?t bring it to work on Centos 5.2...
Dear list, after 4 days of work and lots of google searches I?m really in the need for some help! My Setup: A Centos 5.2 x86_64 box, running source installations of postfix 2.5.x and Dovecot Imap with domain and users stored in mysql, all with tls enabled. Edimax AccessPoint 7206PDg My goal: Allowing User authentication for iPhone and Macs with user/password My current Setup: <http://www.howtoforge.com/wifi-authentication-accounting-with-freeradius-on-centos5> I?ve followed this as far as possible. Only one difference: I did build freeradius 1.1.7 from source in the lag of a rpm-package. I?ve configured with "./configure --libdir=/usr/lib64". While it only complains about some missing oracle odbc and other sql stuff and I don?t want to use sql I don?t think that this will cause any problems. Added a user, tested it local on the box, no problems. When trying to connect from an iPhone or OS X box with username@LOCAL password I can see in the output radiusd -X that radius finds the user but doesn?t accept him for some reason. Here is the complete output: rad_recv: Access-Request packet from host 200.0.0.35:3072, id=111, length=183 User-Name = "heinatz@LOCAL" NAS-IP-Address = 200.0.0.35 NAS-Port = 0 Called-Station-Id = "001f1f0b642d" Calling-Station-Id = "001cb35cbaf8" NAS-Identifier = "Realtek Access Point. 8181" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02000012016865696e61747a404c4f43414c Message-Authenticator = 0xdcc5aaa0f32561169a2a05d747304337 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: Looking up realm "LOCAL" for User-Name = "heinatz@LOCAL" rlm_realm: Found realm "LOCAL" rlm_realm: Adding Stripped-User-Name = "heinatz" rlm_realm: Proxying request from user heinatz to realm LOCAL rlm_realm: Adding Realm = "LOCAL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 0 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry heinatz at line 1 modcall[authorize]: module "files" returns ok for request 5 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 111 to 200.0.0.35 port 3072 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3007b9dfcccdaed8744c14b1f8483417 Finished request 5 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 200.0.0.35:3072, id=112, length=183 User-Name = "heinatz@LOCAL" NAS-IP-Address = 200.0.0.35 NAS-Port = 0 Called-Station-Id = "001f1f0b642d" Calling-Station-Id = "001cb35cbaf8" NAS-Identifier = "Realtek Access Point. 8181" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02010012016865696e61747a404c4f43414c Message-Authenticator = 0x4ff89acc02de903bb99910a0da6f0be9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: Looking up realm "LOCAL" for User-Name = "heinatz@LOCAL" rlm_realm: Found realm "LOCAL" rlm_realm: Adding Stripped-User-Name = "heinatz" rlm_realm: Proxying request from user heinatz to realm LOCAL rlm_realm: Adding Realm = "LOCAL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 1 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry heinatz at line 1 modcall[authorize]: module "files" returns ok for request 6 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 112 to 200.0.0.35 port 3072 EAP-Message = 0x010200061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x119b990a80c7f24ac94f61626e747416 Finished request 6 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 5 ID 111 with timestamp 4a4dcc9d Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 6 ID 112 with timestamp 4a4dcca2 Nothing to do. Sleeping until we see a request. I?m really at the end of my knowledge, please help, Mike
Am 03.07.2009 um 12:24 schrieb Mike:
Dear list, after 4 days of work and lots of google searches I?m really in the need for some help! My Setup: A Centos 5.2 x86_64 box, running source installations of postfix 2.5.x and Dovecot Imap with domain and users stored in mysql, all with tls enabled. Edimax AccessPoint 7206PDg My goal: Allowing User authentication for iPhone and Macs with user/password My current Setup: <http://www.howtoforge.com/wifi-authentication-accounting-with-freeradius-on-...
I?ve followed this as far as possible. Only one difference: I did build freeradius 1.1.7 from source in the lag of a rpm-package. I?ve configured with "./configure --libdir=/usr/lib64". While it only complains about some missing oracle odbc and other sql stuff and I don?t want to use sql I don?t think that this will cause any problems.
Ok I think I will ask the question, which otherwise will be asked by someone else. If you have compiled from source, is there a reason why you have not used any new version (2.1.6), probably to have less work with the configuration? Have a nice day! Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
Nicolas Goutte schrieb:
Am 03.07.2009 um 12:24 schrieb Mike:
Dear list, after 4 days of work and lots of google searches I?m really in the need for some help! My Setup: A Centos 5.2 x86_64 box, running source installations of postfix 2.5.x and Dovecot Imap with domain and users stored in mysql, all with tls enabled. Edimax AccessPoint 7206PDg My goal: Allowing User authentication for iPhone and Macs with user/password My current Setup: <http://www.howtoforge.com/wifi-authentication-accounting-with-freeradius-on-centos5>
I?ve followed this as far as possible. Only one difference: I did build freeradius 1.1.7 from source in the lag of a rpm-package. I?ve configured with "./configure --libdir=/usr/lib64". While it only complains about some missing oracle odbc and other sql stuff and I don?t want to use sql I don?t think that this will cause any problems.
Ok I think I will ask the question, which otherwise will be asked by someone else.
If you have compiled from source, is there a reason why you have not used any new version (2.1.6), probably to have less work with the configuration?
was my first shot. But I had to quit it after I found out that 2.1.6 seems to require a newer version of openssl. While this openssl installation is also used by postfix and dovecot I didn´t want to take the risk of side effects when updating the openssl installation. It only took 1,5 days to figure out this... I also had this setup at a point where the radtest on the local box works but radiusd wasn´t able to find the user when it did come over the access point.
Have a nice day!
Nicolas Goutte
extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany
Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
My goal: Allowing User authentication for iPhone and Macs with user/password My current Setup: <http://www.howtoforge.com/wifi-authentication-accounting-with-freeradius-on-centos5> I?ve followed this as far as possible. Only one difference: I did build freeradius 1.1.7 from source in the lag of a rpm-package. I?ve configured with "./configure --libdir=/usr/lib64". While it only complains about some missing oracle odbc and other sql stuff and I don?t want to use sql I don?t think that this will cause any problems. Added a user, tested it local on the box, no problems. When trying to connect from an iPhone or OS X box with username@LOCAL password I can see in the output radiusd -X that radius finds the user but doesn?t accept him for some reason. Here is the complete output:
You are using self-signed CA certificate but haven't exported it onto the client. Ivan Kalik Kalik Informatika ISP
participants (3)
-
Ivan Kalik -
Mike -
Nicolas Goutte