Freeradius 1.1.6 and Cisco 2000 Wireless Controller
Brian Ertel
bsertel at amherst.edu
Fri Jul 13 22:32:25 CEST 2007
Hi,

I've gotten a bit further but am still getting stuck. I have the Cisco
Wireless Controller configured to hit Freeradius for MAC Address
Authentication. Freeradius sees the request from the controller and
sends back the configured attributes from the users file, but the
controller doesn't seem to see it correctly (the desired VLAN tag) and I
end up in the default VLAN as configured on the controller. Below are my
users, clients.conf, and radiusd verbose data output. Any thoughts?

Ready to process requests.
rad_recv: Access-Request packet from host 148.85.34.82:32768, id=35, length=174
User-Name = "00:0e:35:1c:e0:52"
Called-Station-Id = "00-1a-6d-6b-f0-80:2000test"
Calling-Station-Id = "00-0e-35-1c-e0-52"
NAS-Port = 1
NAS-IP-Address = 148.85.34.82
NAS-Identifier = "WLC-34-82"
Airespace-Wlan-Id = 1
User-Password = "testing"
Service-Type = Call-Check
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "159"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "00:0e:35:1c:e0:52", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry 00:0e:35:1c:e0:52 at line 80
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 35 to 148.85.34.82 port 32768
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "157"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 35 with timestamp 4697de6a
Nothing to do. Sleeping until we see a request.
____________________________________________________________
00:0e:35:1c:e0:52 Auth-Type := Local, User-Password == "testing"
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Type = "VLAN",
        Tunnel-Private-Group-Id = "157",
______________________________________________________________
client 148.85.34.82 {
        #
        # The shared secret used to "encrypt" and "sign" packets between
        # the NAS and FreeRADIUS. You MUST change this secret from the
        # default, otherwise it's not a secret any more!
        #
        # The secret can be any string, up to 31 characters in length.
        #
        secret = xxxxxxx
        #
        # The short name is used as an alias for the fully qualified
        # domain name, or the IP address.
        #
        shortname = controller
        #
        # The following three fields are optional, but may be used by
        # checkrad.pl for simultaneous use checks
        #
        #
        # The nastype tells 'checkrad.pl' which NAS-specific method to
        # use to query the NAS for simultaneous use.
        #
        # Permitted NAS types are:
        #
        #       cisco
        #       computone
        #       livingston
        #       max40xx
        #       multitech
        #       netserver
        #       pathras
        #       patton
        #       portslave
        #       tc
        #       usrhiper
        #       other           # for all other types
        #
        nastype = other # localhost isn't usually a NAS...
}
_____________________
Brian Ertel
Network Administrator
Amherst College
413-542-8320
bsertel at amherst.edu
_____________________
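
An added example, not part of the original post: a short Python parser for radiusd debug output like the above. It pairs each Access-Request with the reply that carries the same id and lists the Tunnel-* attributes whose values differ between the two. The function names are made up for this example, and the sample is an excerpt of the post's output with wrapped lines rejoined.

```python
import re

# Excerpt of the radiusd output from the post (no indentation, as in the archive).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 148.85.34.82:32768, id=35, length=174
User-Name = "00:0e:35:1c:e0:52"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "159"
Processing the authorize section of radiusd.conf
Sending Access-Accept of id 35 to 148.85.34.82 port 32768
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "157"
"""

HEAD = re.compile(r"rad_recv: (\S+) packet from host \S+ id=(\d+)|Sending (\S+) of id (\d+) to ")
ATTR = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)(?::(\d+))?\s*=\s*(.+?)\s*$")

def parse_packets(text):
    """Return [{'code', 'id', 'attrs': {(name, tag): value}}] in log order."""
    packets, current = [], None
    for line in text.splitlines():
        head, attr = HEAD.search(line), ATTR.match(line)
        if head:
            code, pkt_id = head.group(1, 2) if head.group(1) else head.group(3, 4)
            current = {"code": code, "id": int(pkt_id), "attrs": {}}
            packets.append(current)
        elif attr and current is not None:
            name, tag, value = attr.groups()
            current["attrs"][(name, int(tag or 0))] = value.strip('"')
        else:
            current = None  # any non-attribute line ends the packet dump
    return packets

def tunnel_mismatches(packets):
    """(id, attribute, tag, value in request, value in reply) where they differ."""
    requests = {p["id"]: p["attrs"] for p in packets if p["code"] == "Access-Request"}
    diffs = []
    for p in packets:
        if p["code"] == "Access-Request" or p["id"] not in requests:
            continue
        for (name, tag), sent in p["attrs"].items():
            asked = requests[p["id"]].get((name, tag))
            if name.startswith("Tunnel-") and asked not in (None, sent):
                diffs.append((p["id"], name, tag, asked, sent))
    return diffs

print(tunnel_mismatches(parse_packets(SAMPLE_LOG)))
```

On the excerpt it reports one difference: the request carried Tunnel-Private-Group-Id 159 and the Access-Accept returned 157.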