Cisco Access Points

Riccardo Veraldi Riccardo.Veraldi at cnaf.infn.it
Mon May 14 18:37:00 CEST 2007


radiusd -A -X

and tell what you see on the radius server


thanks

Rick


Christian Ejlertsen wrote:
>
> Hello to all
>
> I’m very new at this whole radius deal so I hope I can find a kind 
> soul that could help me with this setup.
>
> I’m sorry if this is described somewhere I’ve been looking around and 
> I don’t seem to find this.
>
> For now I’m trying to get a very simple setup to work
>
> I have a Cisco 1121G AP which I want to use with my freeradius server 
> EAP/PEAP
>
> Nothing fancy just a user local on the freeradius server
>
> I can’t get the user credentials to authenticate
>
> It’s a Windows machine that I’m trying to authenticate with and the 
> wireless netcard is set to use EAP (PEAP), no certificates and 
> EAP-MSCHAPv2 as authentication method.
>
> I have a user in the radius users file called
>
> wifiuser User-Password := "SomePasswordHere"
>
> MS-CHAP-Use-NTLM-Auth := 0
>
> In the clients.conf I have
>
> client 192.168.150.250 {
>     secret = SomePasswordHere
>     shortname = CiscoAP1121
>     nastype = cisco
> }
>
> In the eap.conf I unmarked
>
> default_eap_type = mschapv2
>
> Then I read this in the eap.conf
>
> # This module is the *Microsoft* implementation of MS-CHAPv2
> # in EAP. There is another (incompatible) implementation
> # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
> # currently support.
> #
> mschapv2 {
> }
>
> Does this apply to my setup and if so what is an alternative to what 
> I’m trying to do?
>
> When I debug on the cisco AP I get the following lines that are odd 
> (Full log in bottom of the mail)
>
> *Apr 23 19:50:57.298: RADIUS: AAA Unsupported [263] 12
>
> *Apr 23 19:50:57.299: RADIUS: 57 49 46 49 5F 50 52 49 56 41 [WIFI_PRIVA]
>
> *Apr 23 19:50:57.299: RADIUS: AAA Unsupported [156] 3
>
> *Apr 23 19:50:57.299: RADIUS: 33
>
> It’s a pretty standard Freeradius config haven’t done anything to it 
> but added some users and one other client.
>
> Thank you in advance
>
> Christian
>
> -------- LOGS BELOW ---------
>
> All I get in radius.log is
>
> Mon May 14 19:50:20 2007 : Info: rlm_eap_md5: Issuing Challenge
>
> --------------- CISCO DEBUG RADIUS -----------------------
>
> *Apr 23 19:50:57.288: RADIUS/ENCODE(000000D3):Orig. component type = DOT11
>
> *Apr 23 19:50:57.288: RADIUS: AAA Unsupported [263] 12
>
> *Apr 23 19:50:57.288: RADIUS: 57 49 46 49 5F 50 52 49 56 41 [WIFI_PRIVA]
>
> *Apr 23 19:50:57.288: RADIUS: AAA Unsupported [156] 3
>
> *Apr 23 19:50:57.288: RADIUS: 33 [3]
>
> *Apr 23 19:50:57.288: RADIUS(000000D3): Storing nasport 336 in rad_db
>
> *Apr 23 19:50:57.289: RADIUS(000000D3): Config NAS IP: 192.168.150.250
>
> *Apr 23 19:50:57.289: RADIUS/ENCODE(000000D3): acct_session_id: 82
>
> *Apr 23 19:50:57.289: RADIUS(000000D3): Config NAS IP: 192.168.150.250
>
> *Apr 23 19:50:57.289: RADIUS(000000D3): sending
>
> *Apr 23 19:50:57.290: RADIUS(000000D3): Send Access-Request to 
> 192.168.150.1:1812 id 1645/33, len 135
>
> *Apr 23 19:50:57.290: RADIUS: authenticator EA B6 33 72 6C 09 8E CF - 
> 84 B1 60 BB 54 B8 55 BF
>
> *Apr 23 19:50:57.290: RADIUS: User-Name [1] 10 "wifiuser"
>
> *Apr 23 19:50:57.290: RADIUS: Framed-MTU [12] 6 1400
>
> *Apr 23 19:50:57.290: RADIUS: Called-Station-Id [30] 16 "0017.0e86.2cb0"
>
> *Apr 23 19:50:57.290: RADIUS: Calling-Station-Id [31] 16 "000e.35e6.0bd0"
>
> *Apr 23 19:50:57.290: RADIUS: Service-Type [6] 6 Login [1]
>
> *Apr 23 19:50:57.291: RADIUS: Message-Authenticato[80] 18 *
>
> *Apr 23 19:50:57.291: RADIUS: EAP-Message [79] 15
>
> *Apr 23 19:50:57.291: RADIUS: 02 02 00 0D 01 77 69 66 69 75 73 65 72 
> [?????wifiuser]
>
> *Apr 23 19:50:57.291: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
>
> *Apr 23 19:50:57.292: RADIUS: NAS-Port [5] 6 336
>
> *Apr 23 19:50:57.292: RADIUS: NAS-IP-Address [4] 6 192.168.150.250
>
> *Apr 23 19:50:57.292: RADIUS: Nas-Identifier [32] 10 "VOICE-AP"
>
> *Apr 23 19:50:57.293: RADIUS: Received from id 1645/33 
> 192.168.150.1:1812, Access-Challenge, len 80
>
> *Apr 23 19:50:57.294: RADIUS: authenticator F9 A4 EE 6B E1 5A 8A AB - 
> F5 BD 19 CA 96 33 48 CA
>
> *Apr 23 19:50:57.294: RADIUS: EAP-Message [79] 24
>
> *Apr 23 19:50:57.294: RADIUS: 01 03 00 16 04 10 41 8F DB 50 B7 94 9A 
> 30 DF CE [??????A??P???0??]
>
> *Apr 23 19:50:57.294: RADIUS: 60 DA D1 51 EB 08 [`??Q??]
>
> *Apr 23 19:50:57.294: RADIUS: Message-Authenticato[80] 18 *
>
> *Apr 23 19:50:57.294: RADIUS: State [24] 18
>
> *Apr 23 19:50:57.295: RADIUS: DE 53 56 01 A4 DC 17 CD C0 B9 E0 46 DF 
> 21 54 FB [?SV????????F?!T?]
>
> *Apr 23 19:50:57.295: RADIUS(000000D3): Received from id 1645/33
>
> *Apr 23 19:50:57.296: RADIUS/DECODE: EAP-Message fragments, 22, total 
> 22 bytes
>
> *Apr 23 19:50:57.298: RADIUS/ENCODE(000000D3):Orig. component type = DOT11
>
> *Apr 23 19:50:57.298: RADIUS: AAA Unsupported [263] 12
>
> *Apr 23 19:50:57.299: RADIUS: 57 49 46 49 5F 50 52 49 56 41 [WIFI_PRIVA]
>
> *Apr 23 19:50:57.299: RADIUS: AAA Unsupported [156] 3
>
> *Apr 23 19:50:57.299: RADIUS: 33 [3]
>
> *Apr 23 19:50:57.299: RADIUS(000000D3): Using existing nas_port 336
>
> *Apr 23 19:50:57.300: RADIUS(000000D3): Config NAS IP: 192.168.150.250
>
> *Apr 23 19:50:57.300: RADIUS/ENCODE(000000D3): acct_session_id: 82
>
> *Apr 23 19:50:57.300: RADIUS(000000D3): Config NAS IP: 192.168.150.250
>
> *Apr 23 19:50:57.300: RADIUS(000000D3): sending
>
> *Apr 23 19:50:57.300: RADIUS(000000D3): Send Access-Request to 
> 192.168.150.1:1812 id 1645/34, len 146
>
> *Apr 23 19:50:57.300: RADIUS: authenticator 56 F3 92 78 A7 7A 09 FA - 
> 99 29 51 99 7D E0 9F B3
>
> *Apr 23 19:50:57.301: RADIUS: User-Name [1] 10 "wifiuser"
>
> *Apr 23 19:50:57.301: RADIUS: Framed-MTU [12] 6 1400
>
> *Apr 23 19:50:57.301: RADIUS: Called-Station-Id [30] 16 "0017.0e86.2cb0"
>
> *Apr 23 19:50:57.301: RADIUS: Calling-Station-Id [31] 16 "000e.35e6.0bd0"
>
> *Apr 23 19:50:57.301: RADIUS: Service-Type [6] 6 Login [1]
>
> *Apr 23 19:50:57.302: RADIUS: Message-Authenticato[80] 18 *
>
> *Apr 23 19:50:57.302: RADIUS: EAP-Message [79] 8
>
> *Apr 23 19:50:57.302: RADIUS: 02 03 00 06 03 19 [??????]
>
> *Apr 23 19:50:57.302: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
>
> *Apr 23 19:50:57.302: RADIUS: NAS-Port [5] 6 336
>
> *Apr 23 19:50:57.302: RADIUS: State [24] 18
>
> *Apr 23 19:50:57.302: RADIUS: DE 53 56 01 A4 DC 17 CD C0 B9 E0 46 DF 
> 21 54 FB [?SV????????F?!T?]
>
> *Apr 23 19:50:57.302: RADIUS: NAS-IP-Address [4] 6 192.168.150.250
>
> *Apr 23 19:50:57.303: RADIUS: Nas-Identifier [32] 10 "VOICE-AP"
>
> *Apr 23 19:51:02.527: RADIUS: no sg in radius-timers: ctx 0xC2506C sg 
> 0x0000
>
> *Apr 23 19:51:02.527: RADIUS: Retransmit to (192.168.150.1:1812,1813) 
> for id 1645/34
>
> *Apr 23 19:51:02.527: RADIUS: Received from id 1645/34 
> 192.168.150.1:1812, Access-Reject, len 44
>
> *Apr 23 19:51:02.528: RADIUS: authenticator 27 C2 B4 DD 14 F9 C3 C0 - 
> DF 88 BD B5 DC 0D 6C 63
>
> *Apr 23 19:51:02.528: RADIUS: EAP-Message [79] 6
>
> *Apr 23 19:51:02.528: RADIUS: 04 03 00 04 [????]
>
> *Apr 23 19:51:02.528: RADIUS: Message-Authenticato[80] 18 *
>
> *Apr 23 19:51:02.529: RADIUS(000000D3): Received from id 1645/34
>
> *Apr 23 19:51:02.529: RADIUS/DECODE: EAP-Message fragments, 4, total 4 
> bytes
>
> ------------------------ CISCO DEBUG RADIUS END ---------------------
>
> ------------------------------------------------------------------------
>
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
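
Added example, not part of the thread: the EAP-Message bytes in the Cisco debug output quoted above follow the RFC 3748 packet layout (code, identifier, length, then a type byte for Request/Response), so they can be decoded directly. The Python below decodes the four packets from that log; the type-name table is a small subset of the IANA EAP method numbers, and the function names are this example's own.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Subset of IANA EAP method types, enough for this log.
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             17: "LEAP", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

# EAP-Message values copied from the debug log in the quoted message, in order
# (the second one is the two hex lines of the Access-Challenge joined).
LOG_EAP_MESSAGES = [
    "02 02 00 0D 01 77 69 66 69 75 73 65 72",
    "01 03 00 16 04 10 41 8F DB 50 B7 94 9A 30 DF CE 60 DA D1 51 EB 08",
    "02 03 00 06 03 19",
    "04 03 00 04",
]

def type_name(t):
    return EAP_TYPES.get(t, f"type-{t}")

def decode_eap(hex_string):
    """Return a dict describing one EAP packet; raise ValueError if malformed."""
    pkt = bytes.fromhex(hex_string)
    if len(pkt) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError(f"length field {length} != {len(pkt)} bytes captured")
    out = {"code": EAP_CODES.get(code, f"code-{code}"), "id": ident}
    if code in (1, 2) and length > 4:   # only Request/Response carry a type
        eap_type, data = pkt[4], pkt[5:]
        out["type"] = type_name(eap_type)
        if eap_type == 1:               # Identity: data is the user name
            out["identity"] = data.decode("ascii", "replace")
        elif eap_type == 3:             # Nak: data lists the methods the peer wants
            out["wants"] = [type_name(t) for t in data]
    return out

def summarize(messages):
    return [decode_eap(m) for m in messages]

if __name__ == "__main__":
    for pkt in summarize(LOG_EAP_MESSAGES):
        print(pkt)
```

For this log the sequence is Response/Identity "wifiuser", Request/MD5-Challenge from the server, Response/Nak asking for PEAP, then Failure, which lines up with the `rlm_eap_md5: Issuing Challenge` entry in radius.log.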



