Problem testing using NTradping or radtest
I am running freeradius 2.2.0 configure as eduroam servers which is authenticate to Active directory Here is my eduroam site-enable file (virtual server): server eduroam { authorize { update request { Operator-Name := "1mdx.ac.uk" # the literal number "1" above is an important prefix! Do not change it! } auth_log suffix eap } authenticate { ntlm_auth eap } preacct { suffix } accounting { } post-auth { reply_log f_ticks Post-Auth-Type REJECT { reply_log f_ticks } } pre-proxy { pre_proxy_log if("%{Packet-Type}" != "Accounting-Request") { attr_filter.pre-proxy } } post-proxy { post_proxy_log attr_filter.post-proxy } The configuration works fine when I tested it from wireless device such as windows PC, iPhone or android device etc. However when I tested it using NTRadPing or radtest that is “radtest testuser testpast localhost 1812 testing123” I got Access-Reject When I logged in using the credential testuser from a wireless device I am able to authenticate but not on NTradping or using radtest. Testuser is active directory user account and where NTRadping was executed from is in cliect.conf file, localhost and testing123 (share secret) are also allowed in client.conf . However I got the following error message: [eap] No EAP-Message, not doing EAP ++[eap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Can you help? Please
trevor obba wrote:
I am running freeradius 2.2.0 configure as eduroam servers which is authenticate to Active directory Here is my eduroam site-enable file (virtual server):
Which doesn't allow PAP authentication.
The configuration works fine when I tested it from wireless device such as windows PC, iPhone or android device etc.
Because you allowed EAP authentication.
However when I tested it using NTRadPing or radtest that is “radtest testuser testpast localhost 1812 testing123” I got Access-Reject
Because you didn't allow PAP authentication.
When I logged in using the credential testuser from a wireless device I am able to authenticate but not on NTradping or using radtest. Testuser is active directory user account
And the "eduroam" virtual server doesn't check AD.
Can you help? Please
Configure the "eduroam" server to check AD for PAP authentication. Or, ignore the problem. People using eduroam shouldn't be using PAP. If you want to *test* authentication, read the top of raddb/sites-available/inner-tunnel. It tells you how to test PAP authentication. Alan DeKok.
Neither of those methods are EAP methods. If you want to do EAP from command line then use something like eapol_test (part of WPA Supplicant package). Full debug output is needed. What you have sent is useless for us to help you with. alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
On 13/11/13 16:45, trevor obba wrote:
The configuration works fine when I tested it from wireless device such as windows PC, iPhone or android device etc. However when I tested it using NTRadPing or radtest that is “radtest testuser testpast localhost 1812 testing123” I got Access-Reject
Download the wpa_supplicant sources and compile eapol_test, and use that for testing.
On Wed, Nov 13, 2013 at 04:45:27PM +0000, trevor obba wrote:
However when I tested it using NTRadPing or radtest that is “radtest testuser testpast localhost 1812 testing123” I got Access-Reject When I logged in using the credential testuser from a wireless device I am able to authenticate but not on NTradping or using radtest.
radtest doesn't do eap. Try eapol_test (from the wpasupplicant package). Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
participants (5)
-
Alan Buxey -
Alan DeKok -
Matthew Newton -
Phil Mayers -
trevor obba