Freeradius 1.1.6 and Cisco 2000 Wirelss Controller
tnt at kalik.co.yu
tnt at kalik.co.yu
Sat Jul 14 17:25:41 CEST 2007
Radius is doing it's bit. Your problem is with the Controller
configuration. Have you configured a VLAN with ID of 157 on the
Controller? Have you enabled Radius override of default settings on WLAN?
Ivan Kalik
Kalik Informatika ISP
Dana 13/7/2007, "Brian Ertel" <bsertel at amherst.edu> piše:
>Hi,
>
>I've gotten a bit further but am still getting stuck. I have the Cisco
>Wireless Controller configured to hit Freeradius for MAC Address
>Authentication. Freeradius sees the request from the controller and
>sends back the configure attributes from the users file but the
>controller doesn't seem to see it correctly (the desired VLAN tag) and I
>end up in the default VLAN as configured on the controller. Below is my
>users, clients.conf, and radiusd verbose data output. Any thoughts?
>
>Ready to process requests.
>rad_recv: Access-Request packet from host 148.85.34.82:32768, id=35,
>length=174
> User-Name = "00:0e:35:1c:e0:52"
> Called-Station-Id = "00-1a-6d-6b-f0-80:2000test"
> Calling-Station-Id = "00-0e-35-1c-e0-52"
> NAS-Port = 1
> NAS-IP-Address = 148.85.34.82
> NAS-Identifier = "WLC-34-82"
> Airespace-Wlan-Id = 1
> User-Password = "testing"
> Service-Type = Call-Check
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-802.11
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "159"
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "00:0e:35:1c:e0:52", looking up
>realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 0
> users: Matched entry 00:0e:35:1c:e0:52 at line 80
> modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns ok) for request 0
> rad_check_password: Found Auth-Type Local
>auth: type Local
>auth: user supplied User-Password matches local User-Password Sending
>Access-Accept of id 35 to 148.85.34.82 port 32768
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Type:0 = VLAN
> Tunnel-Private-Group-Id:0 = "157"
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 35 with timestamp 4697de6a Nothing to do.
>Sleeping until we see a request.
>
>
>____________________________________________________________
>
>00:0e:35:1c:e0:52 Auth-Type := Local, User-Password == "testing"
>
> Tunnel-Medium-Type = "IEEE-802",
> Tunnel-Type = "VLAN",
> Tunnel-Private-Group-Id = "157",
>
>______________________________________________________________
>
>client 148.85.34.82 {
> #
> # The shared secret use to "encrypt" and "sign" packets between
> # the NAS and FreeRADIUS. You MUST change this secret from the
> # default, otherwise it's not a secret any more!
> #
> # The secret can be any string, up to 31 characters in length.
> #
> secret = xxxxxxx
>
> #
> # The short name is used as an alias for the fully qualified
> # domain name, or the IP address.
> #
> shortname = controller
>
> #
> # the following three fields are optional, but may be used by
> # checkrad.pl for simultaneous use checks
> #
>
> #
> # The nastype tells 'checkrad.pl' which NAS-specific method to
> # use to query the NAS for simultaneous use.
> #
> # Permitted NAS types are:
> #
> # cisco
> # computone
> # livingston
> # max40xx
> # multitech
> # netserver
> # pathras
> # patton
> # portslave
> # tc
> # usrhiper
> # other # for all other types
>
> #
> nastype = other # localhost isn't usually a NAS...
>
>_____________________
>
>Brian Ertel
>Network Administrator
>Amherst College
>413-542-8320
>bsertel at amherst.edu
>_____________________
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list