3COM sw4500 802.1x Problem

tnt at kalik.co.yu tnt at kalik.co.yu
Wed Jul 18 20:56:16 CEST 2007


Post the whole debug. I won't even pretend that I have the faintest idea
what you are trying to do:

- you have a supplicant doing EAP
- you have set Auth-Type Ldap in users file
- you have set Auth-Type Local in Ldap

In what possible way do you think that's going to work? Can you just
confirm what EAP type your supplicant is trying to do (in that complete
debug)?

Ivan Kalik
Kalik Informatika ISP


On 18/7/2007, "Aydin KOÇAK" <akocak at turkom.com.tr> wrote:

>
>Hello;
>I implemented 802.1x on 3com 4500 switch but I receive an error on my FreeRadius server:
>
>rlm_ldap: - authorize
>rlm_ldap: performing user authorization for aydin
>radius_xlat:  '(uid=aydin)'
>radius_xlat:  'ou=Kullanicilar,dc=kocak,dc=org,dc=tr'
>rlm_ldap: ldap_get_conn: Checking Id: 0
>rlm_ldap: ldap_get_conn: Got Id: 0
>rlm_ldap: performing search in ou=Kullanicilar,dc=kocak,dc=org,dc=tr, with filter (uid=aydin)
>--- Walking the entire request list ---
>Waking up in 5 seconds...
>Threads: total/active/spare threads = 5/1/4
>rlm_ldap: checking if remote access for aydin is allowed by uid
>rlm_ldap: Added password 61714164102 in check items
>rlm_ldap: looking for check items in directory...
>rlm_ldap: Adding radiusHint as User-Password, value 1111 & op=21
>rlm_ldap: Adding radiusAuthType as Auth-Type, value Local & op=21
>rlm_ldap: looking for reply items in directory...
>rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id, value 2 & op=11
>rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 802 & op=11
>rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11
>rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
>rlm_ldap: user aydin authorized to use remote access
>rlm_ldap: ldap_release_conn: Release Id: 0
>  modcall[authorize]: module "ldap" returns ok for request 8
>modcall: leaving group authorize (returns updated) for request 8
>  rad_check_password:  Found Auth-Type Local
>auth: type Local
>auth: No User-Password or CHAP-Password attribute in the request
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>auth: Failed to validate the user.
>
>My problem is the "No User-Password or CHAP-Password attribute in the request" message. It is clear, but my supplicant (XP and SecureW2) doesn't
>send User-Password, as is seen:
>[1  User-name                   ] [7 ] [aydin]
>*0.24948670 4500 RDS/8/DEBUG:- 1 -
>[79 EAP-Message                 ] [12] [0201000A01617964696E]
>[80 Message-Autheticator        ] [18] [00000000000000000000000000000000]
>[4  NAS-IP-Address              ] [6 ] [192.168.0.77]
>[32 NAS-Identifier              ] [6 ] [4500]
>[5  NAS-Port                    ] [6 ] [268443649]
>[61 NAS-Port-Type               ] [6 ] [15]
>*0.24949119 4500 RDS/8/DEBUG:- 1 -
>[6  Service-Type                ] [6 ] [2]
>[7  Framed-Protocol             ] [6 ] [1]
>[31 Caller-ID                   ] [16] [303030382D306435332D33623336]
>
>User-Password not in request. How do I send User-Password?
>I tried WinXP 802.1x (EAP-MD5) and SecureW2 (EAP-MD5).
>My /etc/users file is the following:
>---------------------------------
>DEFAULT Auth-Type = LDAP
>        Fall-Through = 1
>---------------------------------
>
>Thanks your relation.
>Aydin Kocak.
>
>
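Added example, not part of either post above: a short Python decoder for the attribute dump format in the quoted switch debug. It decodes the posted EAP-Message value and checks whether the request carries User-Password or CHAP-Password; the function names and the subset of EAP types listed are assumptions of this example.

```python
import re
import struct

# Attribute lines copied from the 3Com 4500 debug quoted in this thread.
SWITCH_DEBUG = """\
[1  User-name                   ] [7 ] [aydin]
[79 EAP-Message                 ] [12] [0201000A01617964696E]
[31 Caller-ID                   ] [16] [303030382D306435332D33623336]
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Subset of EAP method type numbers (RFC 3748 and later assignments).
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

# Matches "[<number> <name>   ] [<length>] [<value>]" as printed by the switch.
ATTR_LINE = re.compile(r"\[(\d+)\s+([\w-]+)\s*\]\s*\[(\d+)\s*\]\s*\[([^\]]*)\]")


def parse_attributes(debug_text):
    """Map RADIUS attribute number -> value string from the switch dump."""
    return {int(m.group(1)): m.group(4) for m in ATTR_LINE.finditer(debug_text)}


def decode_eap(hex_value):
    """Decode one unfragmented EAP packet carried in an EAP-Message attribute."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length field does not match the attribute data")
    pkt = {"code": EAP_CODES.get(code, f"code {code}"), "id": ident,
           "length": length, "type": None, "data": b""}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        pkt["type"] = EAP_TYPES.get(raw[4], f"type {raw[4]}")
        pkt["data"] = raw[5:]
    return pkt


def diagnose(debug_text):
    """Report whether a password attribute is present and what the EAP says."""
    attrs = parse_attributes(debug_text)
    has_password = 2 in attrs or 3 in attrs  # User-Password / CHAP-Password
    eap = decode_eap(attrs[79]) if 79 in attrs else None
    return {"has_password": has_password, "eap": eap}


if __name__ == "__main__":
    print(diagnose(SWITCH_DEBUG))
```

On the posted attributes this reports an EAP Response of type Identity carrying `aydin` and no User-Password or CHAP-Password attribute.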