Dear Freeradius user's, a cuple days i have a problem with my radius server, i can not authenticate clients. Freeradius 1.1.1 with Eap/TLS + MYSQL running in slack 10.1 My radius client is a wl5460-AP and i use a pci wireless to auth in ap linked in my radius. But now, my pci wireless link in AP, but nothing passes trought, "ping" not work for any local. I try to execute freeradius in debug mode (radiusd -X), it only show this messages in loop. I can not understand this errors..... Anyone Can Help-me, i need this Radius Server Working.....Thak's to all...... Emerson ***************************************************** rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 75 modcall: leaving group authenticate (returns handled) for request 75 Sending Access-Challenge of id 174 to 10.254.0.254 port 2053 Framed-Compression := Van-Jacobson-TCP-IP Framed-Protocol := PPP Service-Type := Framed-User Framed-MTU := 1500 EAP-Message = 0x014c00060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbdef72a1d8e3188e972218ab20f569f1 Finished request 75 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 74 ID 173 with timestamp 4497f091 Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.254.0.254:2053, id=175, length=191 User-Name = "usuario1" NAS-IP-Address = 10.254.0.254 NAS-Port = 0 Called-Station-Id = "004f62087474" Calling-Station-Id = "0014a53c478d" NAS-Identifier = "Realtek Access Point. 8181" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x024c000d017573756172696f31 State = 0xbdef72a1d8e3188e972218ab20f569f1 Message-Authenticator = 0x75c255ea144b5d1a2864236a85e01e83 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 76 modcall[authorize]: module "preprocess" returns ok for request 76 rlm_eap: EAP packet type response id 76 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 76 radius_xlat: 'usuario1' rlm_sql (sql): sql_set_user escaped user --> 'usuario1' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'usuario1' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'usuario1' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'usuario1' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'usuario1' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 76 modcall: leaving group authorize (returns updated) for request 76 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 76 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 76 modcall: leaving group authenticate (returns handled) for request 76 Sending Access-Challenge of id 175 to 10.254.0.254 port 2053 Framed-Compression := Van-Jacobson-TCP-IP Framed-Protocol := PPP Service-Type := Framed-User Framed-MTU := 1500 EAP-Message = 0x014d00060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8576b5091495b6b611506711da5f4530 Finished request 76 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 75 ID 174 with timestamp 4497f096 Waking up in 5 seconds...
Emerson ha scritto:
Dear Freeradius user's,
...
Anyone Can Help-me, i need this Radius Server Working.....Thak's to all......
Emerson
.... I see your log. Seem an error similar to my one. In my case, with AP 3Com, was a problem of my certificate on server radius, and also a problem with some extension Microsoft needed for the auth step, missing on my certificate. However Stefan, on this list, suggested me to user SecureW2 supplicant and all my problem is disappeared. See my post at the benginning of month. Alessandro
Hi!
However Stefan, on this list, suggested me to user SecureW2 supplicant and all my problem is disappeared. See my post at the benginning of month.
While that's the best thing to do, there may be people forced to go with the built-in supplicant and that have to care about the ertificate extensions required by MSFT. For TLS, things are even a little worse than for TTLS, since also the client certificate needs to have an OID extension in place. There's a documentation on server and client OIDs on the FreeRADIUS website, see http://www.freeradius.org/doc/EAPTLS.pdf The OIDs are mentioned in chapter 10 (examples on cert generation earlier in the document); the server OID is the same for TTLS. Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
participants (3)
-
Alessandro Agostini -
Emerson -
Stefan Winter