thx 4 openSSL & one more question
Hi Thanks for last advices with freeradius installations + peap on debian lenny Now i have no problem with enabling peap :) this time I'm asking for help with some other problem: I'm trying to enable WPA2 enterprice authentication on my accesspoints. When trying to auth my wireless client I'm getting sth like this in log : Wed May 5 15:09:25 2010 : Auth: Login incorrect: [karol/<no User-Password attribute>] (from client AP1 port 0 cli 0022431380c4) where : 0022431380c4 is my wireless mac adress (laptop) client AP1 is my Access Point client from clients.conf karol - is my user from users.conf it looks like freeradius don't want to look inside the password field and can't recognize a laptop ip (getting mac) Please give me some advices - what's next ? Here is my debug. Kill-9:/home/kornel# freeradius -X FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 3 2010 at 15:51:52 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including configuration file /etc/freeradius/snmp.conf including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = yes auth = yes auth_badpass = yes auth_goodpass = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = yes dead_time = 120 wake_all_if_all_dead = no } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } * client 172.16.0.16 { ----------------------Client ip adress* require_message_authenticator = no secret = "tajne1234" shortname = "eee" } * client 192.168.10.50 { ----------------------AP ip adress* require_message_authenticator = no secret = "tajne1234" shortname = "AP1" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = yes input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { modules { } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 1812 } listen { type = "acct" ipaddr = * port = 0 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. *AND here is an authenticate attempt debug* rad_recv: Access-Request packet from host 192.168.10.50 port 2054, id=148, length=169 User-Name = "karol" * NAS-IP-Address = 192.168.10.50 ----------------------AP ip adress* NAS-Port = 0 * Called-Station-Id = "00265abab28d" ----------------------AP mac adress Calling-Station-Id = "0022431380c4" ----------------------Client mac adress* NAS-Identifier = "Realtek Access Point. 8186" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000b016d617263696e Message-Authenticator = 0x2ea50a302a451ed3b32b748a23fe00e3 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [karol/<no User-Password attribute>] (from client AP1 port 0 cli 0022431380c4) Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 148 to 192.168.10.50 port 2054 Waking up in 4.9 seconds. Client's system is eeebuntu and i'm sure that's on client and on AP everything is ok because when i'm connecting to another freeradius server - it's working fine (unfortunatelly i don't have an acces to those confs) in addition - temporarily I accepted all connections from those two ip's on my firewall to have 100% sure that's not a connection issue. Thank you for your time and knowledge share. -- LAN Administrator of DS14 Kornel Kornatka room 529
ds14.kornel wrote:
Hi Thanks for last advices with freeradius installations + peap on debian lenny Now i have no problem with enabling peap :)
...
rad_recv: Access-Request packet from host 192.168.10.50 port 2054, id=148, length=169 ... Message-Authenticator = 0x2ea50a302a451ed3b32b748a23fe00e3 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
You have deleted everything from raddb/sites-enabled/ Why? That is breaking the server. Stop it. Use the default install. It's really not that hard. Alan DeKok.
participants (2)
-
Alan DeKok -
ds14.kornel