Hello everyone. I need to contact someone who knows how to do or able to use a lynksys WRT54G to authenticate users against a freeradius server, I am having trouble implementing it. I already have the freeradius to work well with a mysql database and try radtest works fine. But wanting to do this through the WRT54G does not work. I need someone who can help me. (I have the default configuration files.) I think it is important to stress that I want the users not authenticate can not access the network, ie, I do not want to use a hotspot system ... I want to deny access to the router if you do not have username and password. I already have a wifidog work well with freeradius and LDAP, but I do not like the solution because users access the network before authenticating. Moreover, to implement this workaround, I could not use the WRT54G because it has little memory and does not enter the open-wrt. I had to use WRT54GL, which are very difficult to find in Argentina. Thanks! Gustavo.
I need to contact someone who knows how to do or able to use a lynksys WRT54G to authenticate users against a freeradius server, I am having trouble implementing it. I already have the freeradius to work well with a mysql database and try radtest works fine. But wanting to do this through the WRT54G does not work. I need someone who can help me. (I have the default configuration files.)
Post the debug of the EAP request. Ivan Kalik Kalik Informatika ISP
This is the complete out of freeradius -X... rad_recv: Access-Request packet from host 10.1.100.4 port 2048, id=0, length=121 User-Name = "pepe" NAS-IP-Address = 10.1.100.4 Called-Station-Id = "002369490b7b" Calling-Station-Id = "001de0249d5b" NAS-Identifier = "002369490b7b" NAS-Port = 34 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020000090170657065 Message-Authenticator = 0x199111463bd0fbb17cc6f7c7cca296c0 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "pepe", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} -> pepe rlm_sql (sql): sql_set_user escaped user --> 'pepe' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'pepe' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'pepe' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'pepe' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'pepe' ORDER BY id expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = 'pepe' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM usergroup WHERE username = 'pepe' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 10.1.100.4 port 2048 EAP-Message = 0x0101001604104fac8e1ba0cc711fccd80c8003211c3c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x102df74b102cf319cc7f1766ffcb4a81 Finished request 10. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.100.4 port 2048, id=0, length=136 Cleaning up request 10 ID 0 with timestamp +307 User-Name = "pepe" NAS-IP-Address = 10.1.100.4 Called-Station-Id = "002369490b7b" Calling-Station-Id = "001de0249d5b" NAS-Identifier = "002369490b7b" NAS-Port = 34 Framed-MTU = 1400 State = 0x102df74b102cf319cc7f1766ffcb4a81 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100060319 Message-Authenticator = 0x48a397b472491fe98149d6233fe8708c +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "pepe", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} -> pepe rlm_sql (sql): sql_set_user escaped user --> 'pepe' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'pepe' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'pepe' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'pepe' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'pepe' ORDER BY id expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = 'pepe' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM usergroup WHERE username = 'pepe' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: NAK asked for unsupported type 25 rlm_eap: No common EAP types found. rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [pepe/<via Auth-Type = EAP>] (from client routers-agro port 34 cli 001de0249d5b) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> pepe attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 11 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 11 Sending Access-Reject of id 0 to 10.1.100.4 port 2048 EAP-Message = 0x04010004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Ivan Kalik escribió:
I need to contact someone who knows how to do or able to use a lynksys WRT54G to authenticate users against a freeradius server, I am having trouble implementing it. I already have the freeradius to work well with a mysql database and try radtest works fine. But wanting to do this through the WRT54G does not work. I need someone who can help me. (I have the default configuration files.)
Post the debug of the EAP request.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Gustavo Marcello -
Ivan Kalik