freeradius, pap, and HP wireless edge services module
Jesse Rink
jesse-rink at wi.rr.com
Sat Jan 20 00:02:28 CET 2007
Freeradius on CentOS 4.4...
Sorry if this is a trivial question but I'm pretty new to radius in general.
I currently have a MS IAS radius server up and running without problem but
am running into a bit of a problem with freeradius that is likely easily
correctable.
I installed freeradius, and after looking into the documentation on the
wiki, including Practices and Principals for AAA authentication, I thought
what I needed to setup would be really straight forward.
After installing, I editted the users file and added at the beginning, "bob
User-Password := "hello"
At that point, I was able to from another terminal on the same server, use
radtest as per the documentation and it returned a successful response.
I then editted the clients.conf file to the following:
client 192.168.1.3 {
secret = testing123
shortname = hpwesm
nastype = other
}
My client device is a HP Wireless Edge Services Module at IP 192.168.1.3. I
told it (via its' configuration settings) the radius server was at
192.168.1.4, port 1812, and shared secret of "testing123". The Wireless
Edge Services Modules seems to make radius requests over PAP based on what I
was able to get working when I previously set this up under MS IAS and also
received confirmation from HP that the module uses PAP by default.
At this time, I did a radiusd -X and saw the debug information scroll across
the screen, sitting at "ready to process requests"...
However, no requests are coming in. I am attempting this by connecting from
a web browser on a wireless PC, to the Wireless Edge Services module which
brings up an authentication page for user and password. I enter "bob" and
"hello" for credentials and click OK. The freeradius server never reports
anything other than "ready to process requests" though and the webpage
eventually times out with an error message saying my authentication failed
after 90 seconds or so.
Am I missing something obvious here? Why this isn't working?
One thing I noticed on my IAS server is that I had to turn off requiring the
message-authenticator attribute. IAS would NOT respond to radius requests
from the HP wireless edge services module until requiring
message-authenticator attribute was disabled. I'm wondering if this needs
to be disabled as well on freeradius, or whether it's disabled by default...
not sure if that's part of the problem.
Appreciate any feedback as to why the freeradius server doesn't seem to be
showing request attempts from the hp wireless edge services module. Thanks!
(Also very new to linux so I apologize for my lack of knowledge on this)
JR
More information about the Freeradius-Users
mailing list