Hello Alan an members of the list, We are using freeradius and we have the following situation authenticating in wireless access A single user have records on radcheck of Password and Calling-Station-Id but when this user try to logging the server response : Fri Dec 19 13:24:41 2008 : Info: rlm_eap_mschapv2: Issuing Challenge Fri Dec 19 13:24:41 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client radius-server port 0) Fri Dec 19 13:24:41 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client red-Wifi-FCMC1 port 1 cli 00-18-4D-66-60-24) Although in radcheck this user has the following information: +-----+----------+--------------------+----+-------------------+ | id | UserName | Attribute | op | Value | | +-----+----------+--------------------+----+-------------------+ | 116 | jvidal | User-Password | := | xxx | | 117 | jvidal | Calling-Station-Id | == | 0:18:4d:66:60:24) Can you give some ideas of the reason of why the authentication is failing. Thanks -- Enrique Acosta Figueredo Adm. de Red en Nodo Infosur, Cfgos, Cuba(Network Administrator at Infosur Node, Cfgos, Cuba) Est modus in rebus Linux User # 301079 http://counter.li.org --------------------------------------- Red Telematica de Salud - Cuba CNICM - Infomed
Although in radcheck this user has the following information:
+-----+----------+--------------------+----+-------------------+ | id | UserName | Attribute | op | Value | | +-----+----------+--------------------+----+-------------------+ | 116 | jvidal | User-Password | := | xxx | | 117 | jvidal | Calling-Station-Id | == | 0:18:4d:66:60:24)
Can you give some ideas of the reason of why the authentication is failing.
Why User-Password? Freeradius version? Ivan Kalik Kalik Informatika ISP
Ivan, Thanks for replying... El sáb, 20-12-2008 a las 03:31 +0100, tnt@kalik.net escribió:
Although in radcheck this user has the following information:
+-----+----------+--------------------+----+-------------------+ | id | UserName | Attribute | op | Value | | +-----+----------+--------------------+----+-------------------+ | 116 | jvidal | User-Password | := | xxx | | 117 | jvidal | Calling-Station-Id | == | 0:18:4d:66:60:24)
Can you give some ideas of the reason of why the authentication is failing.
Why User-Password? Freeradius version?
Freeradius' version is 1.1.7 User-Password make the difference for the use of Calling- Station-Id. We read here that when password is use the mac[Calling-station-Id] doesn`t function.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Enrique Acosta Figueredo Adm. de Red en Nodo Infosur, Cfgos, Cuba(Network Administrator at Infosur Node, Cfgos, Cuba) Est modus in rebus Linux User # 301079 http://counter.li.org --------------------------------------- Red Telematica de Salud - Cuba CNICM - Infomed
El lun, 22-12-2008 a las 23:43 +0100, tnt@kalik.net escribió:
Why User-Password? Freeradius version?
Freeradius' version is 1.1.7
It should be Cleartext-Password.
This change make that Calling-Station-Id function? Is it possible to check mac address and password at the same time? I will change to Cleartext-Password and I will reply to list...
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Enrique Acosta Figueredo Adm. de Red en Nodo Infosur, Cfgos, Cuba(Network Administrator at Infosur Node, Cfgos, Cuba) Est modus in rebus Linux User # 301079 http://counter.li.org --------------------------------------- Red Telematica de Salud - Cuba CNICM - Infomed
El mar, 23-12-2008 a las 14:32 +0100, tnt@kalik.net escribió:
This change make that Calling-Station-Id function? Is it possible to check mac address and password at the same time?
Yes.
I changed to Cleartext-Password and rdcheck is like that: mysql> select * from radcheck where UserName = 'jvidal'; +-----+----------+--------------------+----+-------------------+ | id | UserName | Attribute | op | Value | +-----+----------+--------------------+----+-------------------+ | 116 | jvidal | Cleartext-Password | := | 123 | | 125 | jvidal | Calling-Station-Id | == | 00-18-4d-66-60-24 | But radius.log is reporting this: Tue Dec 23 10:40:44 2008 : Info: rlm_eap_mschapv2: Issuing Challenge Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client radius-server port 0) Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client red-Wifi-FCMC1 port 1 cli 00-18-4D-66-60-24) I think that the query of sql.conf report more than one result and is ther reason of the message No matching... I appreciated your point of view respect to that...
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Enrique Acosta Figueredo Adm. de Red en Nodo Infosur, Cfgos, Cuba(Network Administrator at Infosur Node, Cfgos, Cuba) Est modus in rebus Linux User # 301079 http://counter.li.org --------------------------------------- Red Telematica de Salud - Cuba CNICM - Infomed
mysql> select * from radcheck where UserName = 'jvidal'; +-----+----------+--------------------+----+-------------------+ | id | UserName | Attribute | op | Value | +-----+----------+--------------------+----+-------------------+ | 116 | jvidal | Cleartext-Password | := | 123 | | 125 | jvidal | Calling-Station-Id | == | 00-18-4d-66-60-24 |
But radius.log is reporting this:
Tue Dec 23 10:40:44 2008 : Info: rlm_eap_mschapv2: Issuing Challenge Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client radius-server port 0)
Can you post the debug? It looks like you haven't copied the request attributes to the tunnel but are trying to check them.
Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client red-Wifi-FCMC1 port 1 cli 00-18-4D-66-60-24)
Ivan Kalik Kalik Informatika ISP
Can you post the debug? It looks like you haven't copied the request attributes to the tunnel but are trying to check them. I don't understand . What did you mean with debug? radiusd -X ? What is the tunnel? Thanks for your help... El mar, 23-12-2008 a las 22:28 +0100, tnt@kalik.net escribió:
mysql> select * from radcheck where UserName = 'jvidal'; +-----+----------+--------------------+----+-------------------+ | id | UserName | Attribute | op | Value | +-----+----------+--------------------+----+-------------------+ | 116 | jvidal | Cleartext-Password | := | 123 | | 125 | jvidal | Calling-Station-Id | == | 00-18-4d-66-60-24 |
But radius.log is reporting this:
Tue Dec 23 10:40:44 2008 : Info: rlm_eap_mschapv2: Issuing Challenge Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client radius-server port 0)
Can you post the debug? It looks like you haven't copied the request attributes to the tunnel but are trying to check them.
Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client red-Wifi-FCMC1 port 1 cli 00-18-4D-66-60-24)
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Enrique Acosta Figueredo Adm. de Red en Nodo Infosur, Cfgos, Cuba(Network Administrator at Infosur Node, Cfgos, Cuba) Est modus in rebus Linux User # 301079 http://counter.li.org
--------------------------------------- Red Telematica de Salud - Cuba CNICM - Infomed
this is the debug for user jvidal and the user didn`t found .... rad_recv: Access-Request packet from host 192.168.0.2:1035, id=100, length=154 User-Name = "jvidal" NAS-IP-Address = 192.168.0.2 NAS-Port = 3 Called-Station-Id = "00-1E-2A-3C-D2-90:NETGEAR2" Calling-Station-Id = "00-18-4D-66-60-24" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000b016a766964616c Message-Authenticator = 0xd245baabd1d9b6ece4c2122fe0b744df Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "jvidal", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 radius_xlat: 'jvidal' rlm_sql (sql): sql_set_user escaped user --> 'jvidal' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'jvidal' ORDER BY id' rlm_sql (sql): Reservingrlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'jvidal' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'jvidal' ORDER BY id' rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'jvidal' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 4 rlm_sql (sql): No matching entry in the database for request from user [jvidal] modcall[authorize]: module "sql" returns notfound for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 sql socket id: 4 rlm_sql (sql): No matching entry in the database for request from user [jvidal] modcall[authorize]: module "sql" returns notfound for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 100 to 192.168.0.2 port 1035 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x314214bdd05f8421ec27027c7fade7d4 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... El mar, 23-12-2008 a las 22:28 +0100, tnt@kalik.net escribió:
mysql> select * from radcheck where UserName = 'jvidal'; +-----+----------+--------------------+----+-------------------+ | id | UserName | Attribute | op | Value | +-----+----------+--------------------+----+-------------------+ | 116 | jvidal | Cleartext-Password | := | 123 | | 125 | jvidal | Calling-Station-Id | == | 00-18-4d-66-60-24 |
But radius.log is reporting this:
Tue Dec 23 10:40:44 2008 : Info: rlm_eap_mschapv2: Issuing Challenge Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client radius-server port 0)
Can you post the debug? It looks like you haven't copied the request attributes to the tunnel but are trying to check them.
Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client red-Wifi-FCMC1 port 1 cli 00-18-4D-66-60-24)
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Enrique Acosta Figueredo Adm. de Red en Nodo Infosur, Cfgos, Cuba(Network Administrator at Infosur Node, Cfgos, Cuba) Est modus in rebus Linux User # 301079 http://counter.li.org
--------------------------------------- Red Telematica de Salud - Cuba CNICM - Infomed
this is the debug for user jvidal and the user didn`t found ....
rad_recv: Access-Request packet from host 192.168.0.2:1035, id=100, length=154 User-Name = "jvidal" NAS-IP-Address = 192.168.0.2 NAS-Port = 3 Called-Station-Id = "00-1E-2A-3C-D2-90:NETGEAR2" Calling-Station-Id = "00-18-4D-66-60-24" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000b016a766964616c Message-Authenticator = 0xd245baabd1d9b6ece4c2122fe0b744df Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "jvidal", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 radius_xlat: 'jvidal' rlm_sql (sql): sql_set_user escaped user --> 'jvidal' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'jvidal' ORDER BY id' rlm_sql (sql): Reservingrlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'jvidal' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'jvidal' ORDER BY id' rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'jvidal' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 4 rlm_sql (sql): No matching entry in the database for request from user [jvidal] modcall[authorize]: module "sql" returns notfound for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 sql socket id: 4 rlm_sql (sql): No matching entry in the database for request from user [jvidal] modcall[authorize]: module "sql" returns notfound for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 100 to 192.168.0.2 port 1035 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x314214bdd05f8421ec27027c7fade7d4 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds...
This debug (that's a problem with certificates explained in FAQ and eap.conf) doesn't belong to this radius.log output:
But radius.log is reporting this:
Tue Dec 23 10:40:44 2008 : Info: rlm_eap_mschapv2: Issuing Challenge Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client radius-server port 0) Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client red-Wifi-FCMC1 port 1 cli 00-18-4D-66-60-24)
Ivan Kalik Kalik Informatika ISP
Ivan, Here where are using freeradius to autenticate from an access point in a wireless network. That is why eap is enable. El mié, 24-12-2008 a las 15:24 +0100, tnt@kalik.net escribió:
this is the debug for user jvidal and the user didn`t found ....
rad_recv: Access-Request packet from host 192.168.0.2:1035, id=100, length=154 User-Name = "jvidal" NAS-IP-Address = 192.168.0.2 NAS-Port = 3 Called-Station-Id = "00-1E-2A-3C-D2-90:NETGEAR2" Calling-Station-Id = "00-18-4D-66-60-24" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000b016a766964616c Message-Authenticator = 0xd245baabd1d9b6ece4c2122fe0b744df Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "jvidal", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 radius_xlat: 'jvidal' rlm_sql (sql): sql_set_user escaped user --> 'jvidal' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'jvidal' ORDER BY id' rlm_sql (sql): Reservingrlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'jvidal' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'jvidal' ORDER BY id' rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'jvidal' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jvidal' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 4 rlm_sql (sql): No matching entry in the database for request from user [jvidal] modcall[authorize]: module "sql" returns notfound for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 sql socket id: 4 rlm_sql (sql): No matching entry in the database for request from user [jvidal] modcall[authorize]: module "sql" returns notfound for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 100 to 192.168.0.2 port 1035 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x314214bdd05f8421ec27027c7fade7d4 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds...
This debug (that's a problem with certificates explained in FAQ and eap.conf) doesn't belong to this radius.log output:
But radius.log is reporting this:
Tue Dec 23 10:40:44 2008 : Info: rlm_eap_mschapv2: Issuing Challenge Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client radius-server port 0) Tue Dec 23 10:40:44 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [jvidal] Tue Dec 23 10:40:44 2008 : Auth: Login incorrect: [jvidal/<no User-Password attribute>] (from client red-Wifi-FCMC1 port 1 cli 00-18-4D-66-60-24)
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Enrique Acosta Figueredo Adm. de Red en Nodo Infosur, Cfgos, Cuba(Network Administrator at Infosur Node, Cfgos, Cuba) Est modus in rebus Linux User # 301079 http://counter.li.org
--------------------------------------- Red Telematica de Salud - Cuba CNICM - Infomed
Here where are using freeradius to autenticate from an access point in a wireless network. That is why eap is enable.
You haven't imported the ca certificate onto the users machine. And you are using an outdated freeradius version. Ivan Kalik Kalik Informatika ISP
participants (3)
-
Alan DeKok -
Enrique Acosta -
tnt@kalik.net