freeradius eap-ttls pap ldap
tnt at kalik.co.yu
Sat Jun 9 00:56:06 CEST 2007
Does securew2 support EAP-GTC?
Ivan Kalik
Kalik Informatika ISP
On 8/6/2007, "emmcosta" <emmcosta at gmail.com> wrote:
>Hi everyone,
>
>I have a problem with my configuration, authorize is ok but
>authentication fails. I use freeradius 1.1.6 and openldap 2.2.13 and use
>windows xp for client with securew2.
>My access-point is Cisco aironet 1100.
>
>My radiusd.conf:
>
>...........
> ldap {
> server = "localhost"
> identity = "cn=root,dc=teste,dc=pt"
> password = secret
> basedn = "dc=teste,dc=pt"
> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> base_filter = "(objectclass=radiusprofile)"
> start_tls = no
> access_attr = "uid"
> dictionary_mapping = ${raddbdir}/ldap.attrmap
> ldap_connections_number = 5
> password_attribute = userPassword
> timeout = 4
> timelimit = 3
> net_timeout = 1
> set_auth_type = no
> }
>...............
>authorize {
> preprocess
> ldap
> pap
>}
>
>authenticate{
> Auth-Type PAP {
> pap
> }
> Auth-Type LDAP {
> ldap
> }
> eap
>
>}
>
>My eap.conf:
>
>eap{
> default_eap_type = ttls
> timer_expire = 60
> ignore_unknown_eap_types = no
> cisco_accounting_username_bug = yes
> md5 {
> }
> leap {
> }
> gtc {
> auth_type = PAP
> }
> tls {
> private_key_password = whatever
> private_key_file = ${raddbdir}/certs/cert-srv.pem
>
> # If Private key & Certificate are located in
> # the same file, then private_key_file &
> # certificate_file must contain the same file
> # name.
> certificate_file = ${raddbdir}/certs/cert-srv.pem
>
> # Trusted Root CA list
> CA_file = ${raddbdir}/certs/demoCA/cacert.pem
>
> dh_file = ${raddbdir}/certs/dh
> random_file = ${raddbdir}/certs/random
> }
> ttls {
> default_eap_type = gtc
> use_tunneled_reply = yes
> }
>}
>
>The log:
>
>.............
>rlm_ldap: - authorize
>rlm_ldap: performing user authorization for user_test
>radius_xlat: '(uid=user_test)'
>radius_xlat: 'dc=teste,dc=pt'
>rlm_ldap: ldap_get_conn: Checking Id: 0
>rlm_ldap: ldap_get_conn: Got Id: 0
>rlm_ldap: performing search in dc=teste,dc=pt, with filter (uid=user_test)
>Waking up in 1 seconds...
>Threads: total/active/spare threads = 5/1/4
>rlm_ldap: checking if remote access for user_test is allowed by uid
>rlm_ldap: Added password {CRYPT}HkDWb49nxN4Zo in check items
>rlm_ldap: looking for check items in directory...
>rlm_ldap: Adding userPassword as User-Password, value
>{CRYPT}HkDWb49nxN4Zo & op=21
>rlm_ldap: looking for reply items in directory...
>rlm_ldap: user gilberto authorized to use remote access
>rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 2
>rlm_pap: No clear-text password in the request. Not performing PAP.
> modcall[authorize]: module "pap" returns noop for request 2
>modcall: leaving group authorize (returns ok) for request 2
>auth: No User-Password or CHAP-Password attribute in the request
>auth: Failed to validate the user.
>Login incorrect: [user_test/<no User-Password attribute>] (from client
>192.168.1.69 port 371 cli 0040.96a2.24f3)
>Delaying request 2 for 1 seconds
>Finished request 2
>Going to the next request
>Thread 3 waiting to be assigned a request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>Threads: total/active/spare threads = 5/0/5
>--- Walking the entire request list ---
>Sending Access-Reject of id 121 to 192.168.1.69 port 1645
>Waking up in 4 seconds...
>--- Walking the entire request list ---
>Cleaning up request 2 ID 121 with timestamp 4669d1cd
>Nothing to do. Sleeping until we see a request.
>
>
>Can anyone help me?
>
>Best regards
>
>--
>/emmc
>
>
>
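As an added check, not code from the list or from the FreeRADIUS project: a small Python script that reads the quoted authorize section and the debug log together and reports whether the outer EAP request ever reached rlm_eap before the "No User-Password" failure. It assumes the config and log are available as text; the embedded samples are trimmed from the post above.

```python
import re

# Constructed sample, trimmed from the posted radiusd.conf and radiusd -X log.
RADIUSD_CONF = """
authorize {
 preprocess
 ldap
 pap
}
authenticate {
 Auth-Type PAP {
  pap
 }
 eap
}
"""
DEBUG_LOG = """
rlm_ldap: Adding userPassword as User-Password, value {CRYPT}HkDWb49nxN4Zo & op=21
rlm_pap: No clear-text password in the request. Not performing PAP.
modcall: leaving group authorize (returns ok) for request 2
auth: No User-Password or CHAP-Password attribute in the request
Login incorrect: [user_test/<no User-Password attribute>] (from client 192.168.1.69 port 371)
"""

def section_modules(conf, name):
    """Bare module names listed at depth 1 inside `name { ... }` (sub-blocks are skipped)."""
    lines = iter(conf.splitlines())
    for line in lines:
        if re.match(r'\s*' + re.escape(name) + r'\s*\{', line):
            break
    else:
        return []
    mods, depth = [], 1
    for line in lines:
        s = line.strip()
        if s.endswith('{'):
            depth += 1              # entering a nested block such as Auth-Type PAP { }
        elif s == '}':
            depth -= 1
            if depth == 0:
                break
        elif depth == 1 and s and not s.startswith('#'):
            mods.append(s)
    return mods

def diagnose(conf, log):
    """Correlate the authorize list with the debug log of one rejected request."""
    authz = section_modules(conf, 'authorize')
    f = {'authorize_modules': authz,
         'eap_in_authorize': 'eap' in authz,
         'eap_ran': 'rlm_eap' in log,                       # no rlm_eap lines at all
         'ldap_password_is_crypt': '{CRYPT}' in log,
         'no_password_at_auth': 'No User-Password or CHAP-Password attribute' in log}
    # With no Auth-Type set, an EAP-Message-only request falls through to the
    # password check; rlm_eap in authorize is what sets Auth-Type := EAP.
    if f['no_password_at_auth'] and not f['eap_in_authorize'] and not f['eap_ran']:
        f['hint'] = 'outer EAP request reached auth without Auth-Type: add "eap" to authorize'
    else:
        f['hint'] = 'no authorize-ordering problem detected'
    return f
```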