Cisco Access Points
Christian Ejlertsen
chr.ejlertsen at has.dk
Thu May 17 12:17:03 CEST 2007
That was it.
Removed a few hash marks in the peap and tls config and it ran.
Thank you for the quick responses everyone.
Regards
Christian
> -----Original Message-----
> From: freeradius-users-bounces+chr.ejlertsen=has.dk at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+chr.ejlertsen=has.dk at lists.freeradius.org] On Behalf Of
> tnt at kalik.co.yu
> Sent: 14. maj 2007 21:30
> To: FreeRadius users mailing list
> Subject: RE: Cisco Access Points
>
> You haven't configured peap and tls in eap.conf.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 14/5/2007, "Christian Ejlertsen" <chr.ejlertsen at has.dk> piše:
>
> >This is what I get.
> >
> >triagia ~ # radiusd -A -X
> >Starting - reading configuration files ...
> >reread_config: reading radiusd.conf
> >Config: including file: /etc/raddb/proxy.conf
> >Config: including file: /etc/raddb/clients.conf
> >Config: including file: /etc/raddb/snmp.conf
> >Config: including file: /etc/raddb/eap.conf
> >Config: including file: /etc/raddb/sql.conf
> > main: prefix = "/usr"
> > main: localstatedir = "/var"
> > main: logdir = "/var/log/radius"
> > main: libdir = "/usr/lib"
> > main: radacctdir = "/var/log/radius/radacct"
> > main: hostname_lookups = no
> > main: max_request_time = 30
> > main: cleanup_delay = 5
> > main: max_requests = 1024
> > main: delete_blocked_requests = 0
> > main: port = 0
> > main: allow_core_dumps = no
> > main: log_stripped_names = no
> > main: log_file = "/var/log/radius/radius.log"
> > main: log_auth = no
> > main: log_auth_badpass = no
> > main: log_auth_goodpass = no
> > main: pidfile = "/var/run/radiusd/radiusd.pid"
> > main: user = "radiusd"
> > main: group = "radiusd"
> > main: usercollide = no
> > main: lower_user = "no"
> > main: lower_pass = "no"
> > main: nospace_user = "no"
> > main: nospace_pass = "no"
> > main: checkrad = "/usr/sbin/checkrad"
> > main: proxy_requests = yes
> > proxy: retry_delay = 5
> > proxy: retry_count = 3
> > proxy: synchronous = no
> > proxy: default_fallback = yes
> > proxy: dead_time = 120
> > proxy: post_proxy_authorize = no
> > proxy: wake_all_if_all_dead = no
> > security: max_attributes = 200
> > security: reject_delay = 1
> > security: status_server = no
> > main: debug_level = 0
> >read_config_files: reading dictionary
> >read_config_files: reading naslist
> >Using deprecated naslist file. Support for this will go away soon.
> >read_config_files: reading clients
> >read_config_files: reading realms
> >radiusd: entering modules setup
> >Module: Library search path is /usr/lib
> >Module: Loaded exec
> > exec: wait = yes
> > exec: program = "(null)"
> > exec: input_pairs = "request"
> > exec: output_pairs = "(null)"
> > exec: packet_type = "(null)"
> >rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> >Module: Instantiated exec (exec)
> >Module: Loaded expr
> >Module: Instantiated expr (expr)
> >Module: Loaded PAP
> > pap: encryption_scheme = "crypt"
> > pap: auto_header = no
> >Module: Instantiated pap (pap)
> >Module: Loaded CHAP
> >Module: Instantiated chap (chap)
> >Module: Loaded MS-CHAP
> > mschap: use_mppe = yes
> > mschap: require_encryption = no
> > mschap: require_strong = no
> > mschap: with_ntdomain_hack = no
> > mschap: passwd = "(null)"
> > mschap: ntlm_auth = "(null)"
> >Module: Instantiated mschap (mschap)
> >Module: Loaded System
> > unix: cache = no
> > unix: passwd = "(null)"
> > unix: shadow = "(null)"
> > unix: group = "(null)"
> > unix: radwtmp = "/var/log/radius/radwtmp"
> > unix: usegroup = no
> > unix: cache_reload = 600
> >Module: Instantiated unix (unix)
> >Module: Loaded eap
> > eap: default_eap_type = "md5"
> > eap: timer_expire = 60
> > eap: ignore_unknown_eap_types = no
> > eap: cisco_accounting_username_bug = no
> >rlm_eap: Loaded and initialized type md5
> >rlm_eap: Loaded and initialized type leap
> > gtc: challenge = "Password: "
> > gtc: auth_type = "PAP"
> >rlm_eap: Loaded and initialized type gtc
> > mschapv2: with_ntdomain_hack = no
> >rlm_eap: Loaded and initialized type mschapv2
> >Module: Instantiated eap (eap)
> >Module: Loaded preprocess
> > preprocess: huntgroups = "/etc/raddb/huntgroups"
> > preprocess: hints = "/etc/raddb/hints"
> > preprocess: with_ascend_hack = no
> > preprocess: ascend_channels_per_line = 23
> > preprocess: with_ntdomain_hack = no
> > preprocess: with_specialix_jetstream_hack = no
> > preprocess: with_cisco_vsa_hack = no
> > preprocess: with_alvarion_vsa_hack = no
> >Module: Instantiated preprocess (preprocess)
> >Module: Loaded realm
> > realm: format = "suffix"
> > realm: delimiter = "@"
> > realm: ignore_default = no
> > realm: ignore_null = no
> >Module: Instantiated realm (suffix)
> >Module: Loaded files
> > files: usersfile = "/etc/raddb/users"
> > files: acctusersfile = "/etc/raddb/acct_users"
> > files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> > files: compat = "no"
> >[/etc/raddb/users]:65 WARNING! Check item "MS-CHAP-Use-NTLM-Auth" ?found
> in
> >reply item list for user "wifiuser". ?This attribute MUST go on the first
> >line with the other check items
> >Module: Instantiated files (files)
> >Module: Loaded Acct-Unique-Session-Id
> > acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> >Client-IP-Address, NAS-Port"
> >Module: Instantiated acct_unique (acct_unique)
> >Module: Loaded detail
> > detail: detailfile =
> >"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> > detail: detailperm = 384
> > detail: dirperm = 493
> > detail: locking = no
> >Module: Instantiated detail (detail)
> >Module: Loaded radutmp
> > radutmp: filename = "/var/log/radius/radutmp"
> > radutmp: username = "%{User-Name}"
> > radutmp: case_sensitive = yes
> > radutmp: check_with_nas = yes
> > radutmp: perm = 384
> > radutmp: callerid = yes
> >Module: Instantiated radutmp (radutmp)
> >Listening on authentication *:1812
> >Listening on accounting *:1813
> >Ready to process requests.
> >rad_recv: Access-Request packet from host 192.168.150.250:1645, id=11,
> >length=135
> > User-Name = "wifiuser"
> > Framed-MTU = 1400
> > Called-Station-Id = "0017.0e86.2cb0"
> > Calling-Station-Id = "000e.35e6.0bd0"
> > Service-Type = Login-User
> > Message-Authenticator = 0xcef467e8a3b24b5c3eef6b1ebfea8bb1
> > EAP-Message = 0x0202000d017769666975736572
> > NAS-Port-Type = Wireless-802.11
> > NAS-Port = 346
> > NAS-IP-Address = 192.168.150.250
> > NAS-Identifier = "VOICE-AP"
> > Processing the authorize section of radiusd.conf
> >modcall: entering group authorize for request 0
> > modcall[authorize]: module "preprocess" returns ok for request 0
> > modcall[authorize]: module "chap" returns noop for request 0
> > modcall[authorize]: module "mschap" returns noop for request 0
> > rlm_realm: No '@' in User-Name = "wifiuser", looking up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 0
> > rlm_eap: EAP packet type response id 2 length 13
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 0
> > users: Matched entry wifiuser at line 65
> > modcall[authorize]: module "files" returns ok for request 0
> >modcall: leaving group authorize (returns updated) for request 0
> > rad_check_password: Found Auth-Type EAP
> >auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> >modcall: entering group authenticate for request 0
> > rlm_eap: EAP Identity
> > rlm_eap: processing type md5
> >rlm_eap_md5: Issuing Challenge
> > modcall[authenticate]: module "eap" returns handled for request 0
> >modcall: leaving group authenticate (returns handled) for request 0
> >Sending Access-Challenge of id 11 to 192.168.150.250 port 1645
> > EAP-Message = 0x010300160410ec940a7577c4d10df211a4ddfebde7ca
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0x977d6e6a369cd2ece8aca6a5b16ab920
> >Finished request 0
> >Going to the next request
> >--- Walking the entire request list ---
> >Waking up in 6 seconds...
> >rad_recv: Access-Request packet from host 192.168.150.250:1645, id=12,
> >length=146
> > User-Name = "wifiuser"
> > Framed-MTU = 1400
> > Called-Station-Id = "0017.0e86.2cb0"
> > Calling-Station-Id = "000e.35e6.0bd0"
> > Service-Type = Login-User
> > Message-Authenticator = 0x20d261fff76441857c609d0742b6ce64
> > EAP-Message = 0x020300060319
> > NAS-Port-Type = Wireless-802.11
> > NAS-Port = 346
> > State = 0x977d6e6a369cd2ece8aca6a5b16ab920
> > NAS-IP-Address = 192.168.150.250
> > NAS-Identifier = "VOICE-AP"
> > Processing the authorize section of radiusd.conf
> >modcall: entering group authorize for request 1
> > modcall[authorize]: module "preprocess" returns ok for request 1
> > modcall[authorize]: module "chap" returns noop for request 1
> > modcall[authorize]: module "mschap" returns noop for request 1
> > rlm_realm: No '@' in User-Name = "wifiuser", looking up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 1
> > rlm_eap: EAP packet type response id 3 length 6
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 1
> > users: Matched entry wifiuser at line 65
> > modcall[authorize]: module "files" returns ok for request 1
> >modcall: leaving group authorize (returns updated) for request 1
> > rad_check_password: Found Auth-Type EAP
> >auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> >modcall: entering group authenticate for request 1
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP NAK
> > rlm_eap: EAP-NAK asked for EAP-Type/peap
> > rlm_eap: No such EAP type peap
> > rlm_eap: Failed in EAP select
> > modcall[authenticate]: module "eap" returns invalid for request 1
> >modcall: leaving group authenticate (returns invalid) for request 1
> >auth: Failed to validate the user.
> >Delaying request 1 for 1 seconds
> >Finished request 1
> >Going to the next request
> >Waking up in 6 seconds...
> >rad_recv: Access-Request packet from host 192.168.150.250:1645, id=12,
> >length=146
> >Sending Access-Reject of id 12 to 192.168.150.250 port 1645
> > EAP-Message = 0x04030004
> > Message-Authenticator = 0x00000000000000000000000000000000
> >--- Walking the entire request list ---
> >Waking up in 1 seconds...
> >rad_recv: Access-Request packet from host 192.168.150.250:1645, id=13,
> >length=135
> > User-Name = "wifiuser"
> > Framed-MTU = 1400
> > Called-Station-Id = "0017.0e86.2cb0"
> > Calling-Station-Id = "000e.35e6.0bd0"
> > Service-Type = Login-User
> > Message-Authenticator = 0xccf58d6473294ed5df1a339437f920a6
> > EAP-Message = 0x0201000d017769666975736572
> > NAS-Port-Type = Wireless-802.11
> > NAS-Port = 347
> > NAS-IP-Address = 192.168.150.250
> > NAS-Identifier = "VOICE-AP"
> > Processing the authorize section of radiusd.conf
> >modcall: entering group authorize for request 2
> > modcall[authorize]: module "preprocess" returns ok for request 2
> > modcall[authorize]: module "chap" returns noop for request 2
> > modcall[authorize]: module "mschap" returns noop for request 2
> > rlm_realm: No '@' in User-Name = "wifiuser", looking up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 2
> > rlm_eap: EAP packet type response id 1 length 13
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 2
> > users: Matched entry wifiuser at line 65
> > modcall[authorize]: module "files" returns ok for request 2
> >modcall: leaving group authorize (returns updated) for request 2
> > rad_check_password: Found Auth-Type EAP
> >auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> >modcall: entering group authenticate for request 2
> > rlm_eap: EAP Identity
> > rlm_eap: processing type md5
> >rlm_eap_md5: Issuing Challenge
> > modcall[authenticate]: module "eap" returns handled for request 2
> >modcall: leaving group authenticate (returns handled) for request 2
> >Sending Access-Challenge of id 13 to 192.168.150.250 port 1645
> > EAP-Message = 0x0102001604104ca975f3dc58a7f606b7e2201a8ab6c9
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0x1bdaf4a324a3a44870d446bb2de9dac1
> >Finished request 2
> >Going to the next request
> >Cleaning up request 0 ID 11 with timestamp 4648921b
> >Cleaning up request 1 ID 12 with timestamp 4648921b
> >Waking up in 1 seconds...
> >rad_recv: Access-Request packet from host 192.168.150.250:1645, id=14,
> >length=135
> > User-Name = "wifiuser"
> > Framed-MTU = 1400
> > Called-Station-Id = "0017.0e86.2cb0"
> > Calling-Station-Id = "000e.35e6.0bd0"
> > Service-Type = Login-User
> > Message-Authenticator = 0x078522217ed23ba2b860e12164af494c
> > EAP-Message = 0x0203000d017769666975736572
> > NAS-Port-Type = Wireless-802.11
> > NAS-Port = 347
> > NAS-IP-Address = 192.168.150.250
> > NAS-Identifier = "VOICE-AP"
> > Processing the authorize section of radiusd.conf
> >modcall: entering group authorize for request 3
> > modcall[authorize]: module "preprocess" returns ok for request 3
> > modcall[authorize]: module "chap" returns noop for request 3
> > modcall[authorize]: module "mschap" returns noop for request 3
> > rlm_realm: No '@' in User-Name = "wifiuser", looking up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 3
> > rlm_eap: EAP packet type response id 3 length 13
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 3
> > users: Matched entry wifiuser at line 65
> > modcall[authorize]: module "files" returns ok for request 3
> >modcall: leaving group authorize (returns updated) for request 3
> > rad_check_password: Found Auth-Type EAP
> >auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> >modcall: entering group authenticate for request 3
> > rlm_eap: EAP Identity
> > rlm_eap: processing type md5
> >rlm_eap_md5: Issuing Challenge
> > modcall[authenticate]: module "eap" returns handled for request 3
> >modcall: leaving group authenticate (returns handled) for request 3
> >Sending Access-Challenge of id 14 to 192.168.150.250 port 1645
> > EAP-Message = 0x010400160410da2d678cd3e4a1a4339bc82f9880c72a
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0x807cb82738bed6f381363d412f391090
> >Finished request 3
> >Going to the next request
> >Waking up in 1 seconds...
> >rad_recv: Access-Request packet from host 192.168.150.250:1645, id=15,
> >length=146
> > User-Name = "wifiuser"
> > Framed-MTU = 1400
> > Called-Station-Id = "0017.0e86.2cb0"
> > Calling-Station-Id = "000e.35e6.0bd0"
> > Service-Type = Login-User
> > Message-Authenticator = 0x51d62b2354da5f1a1f4dcf989ac44156
> > EAP-Message = 0x020400060319
> > NAS-Port-Type = Wireless-802.11
> > NAS-Port = 347
> > State = 0x807cb82738bed6f381363d412f391090
> > NAS-IP-Address = 192.168.150.250
> > NAS-Identifier = "VOICE-AP"
> > Processing the authorize section of radiusd.conf
> >modcall: entering group authorize for request 4
> > modcall[authorize]: module "preprocess" returns ok for request 4
> > modcall[authorize]: module "chap" returns noop for request 4
> > modcall[authorize]: module "mschap" returns noop for request 4
> > rlm_realm: No '@' in User-Name = "wifiuser", looking up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 4
> > rlm_eap: EAP packet type response id 4 length 6
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 4
> > users: Matched entry wifiuser at line 65
> > modcall[authorize]: module "files" returns ok for request 4
> >modcall: leaving group authorize (returns updated) for request 4
> > rad_check_password: Found Auth-Type EAP
> >auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> >modcall: entering group authenticate for request 4
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP NAK
> > rlm_eap: EAP-NAK asked for EAP-Type/peap
> > rlm_eap: No such EAP type peap
> > rlm_eap: Failed in EAP select
> > modcall[authenticate]: module "eap" returns invalid for request 4
> >modcall: leaving group authenticate (returns invalid) for request 4
> >auth: Failed to validate the user.
> >Delaying request 4 for 1 seconds
> >Finished request 4
> >Going to the next request
> >Waking up in 1 seconds...
> >--- Walking the entire request list ---
> >Waking up in 1 seconds...
> >--- Walking the entire request list ---
> >Sending Access-Reject of id 15 to 192.168.150.250 port 1645
> > EAP-Message = 0x04040004
> > Message-Authenticator = 0x00000000000000000000000000000000
> >Waking up in 4 seconds...
> >--- Walking the entire request list ---
> >Cleaning up request 2 ID 13 with timestamp 46489220
> >Cleaning up request 3 ID 14 with timestamp 46489220
> >Cleaning up request 4 ID 15 with timestamp 46489220
> >Nothing to do. Sleeping until we see a request.
> >
> >> -----Original Message-----
> >> From: freeradius-users-
> bounces+chr.ejlertsen=has.dk at lists.freeradius.org
> >> [mailto:freeradius-users-
> >> bounces+chr.ejlertsen=has.dk at lists.freeradius.org] On Behalf Of
> Riccardo
> >> Veraldi
> >> Sent: 14. maj 2007 18:37
> >> To: FreeRadius users mailing list
> >> Subject: Re: Cisco Access Points
> >>
> >>
> >> radiusd -A -X
> >>
> >> an tell what you see on the radius server
> >>
> >>
> >> thanks
> >>
> >> Rick
> >>
> >>
> >> Christian Ejlertsen wrote:
> >> >
> >> > Hello to all
> >> >
> >> > I'm very new at this whole radius deal so I hope I can find a kind
> >> > soul that could help me with this setup.
> >> >
> >> > I'm sorry if this is described somewhere I've been looking around and
> >> > I don't seem to find this.
> >> >
> >> > For now i'm trying to get a very simple setup to work
> >> >
> >> > I have a Cisco 1121G AP which I want to use with my freeeradius
> server
> >> > EAP/PEAP
> >> >
> >> > Nothing fancy just a user local on the freeradius server
> >> >
> >> > I can't get the user credentials to authenticate
> >> >
> >> > It's a Windows machine that I trying to authenticate with and the
> >> > wireless netcard is set to use EAP (PEAP), no certificates and
> >> > EAP-MSCHAPv2 as authentication method.
> >> >
> >> > I have a user in the radius users file called
> >> >
> >> > wifiuser User-Password := "SomePasswordHere"
> >> >
> >> > MS-CHAP-Use-NTLM-Auth := 0
> >> >
> >> > In the clients.conf I have
> >> >
> >> > client 192.168.150.250 {
> >> >
> >> > secret = SomePasswordHere
> >> >
> >> > shortname = CiscoAP1121
> >> >
> >> > nastype = cisco
> >> >
> >> > }
> >> >
> >> > In the eap.conf I unmarked
> >> >
> >> > default_eap_type = mschapv2
> >> >
> >> > Then I read this in the eap.conf
> >> >
> >> > # This module is the *Microsoft* implementation of MS-CHAPv2
> >> >
> >> > # in EAP. There is another (incompatible) implementation
> >> >
> >> > # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
> >> >
> >> > # currently support.
> >> >
> >> > #
> >> >
> >> > mschapv2 {
> >> >
> >> > }
> >> >
> >> > Does this apply to my setup and if so what is an alternative to what
> >> > I'm trying todo?
> >> >
> >> > When I debug on the cisco AP I get the following lines that are odd
> >> > (Full log in bottom of the mail)
> >> >
> >> > *Apr 23 19:50:57.298: RADIUS: AAA Unsupported [263] 12
> >> >
> >> > *Apr 23 19:50:57.299: RADIUS: 57 49 46 49 5F 50 52 49 56 41
> [WIFI_PRIVA]
> >> >
> >> > *Apr 23 19:50:57.299: RADIUS: AAA Unsupported [156] 3
> >> >
> >> > *Apr 23 19:50:57.299: RADIUS: 33
> >> >
> >> > It's a pretty standard Freeradius config havn't done anything to it
> >> > but added some users and one other client.
> >> >
> >> > Thank you in advance
> >> >
> >> > Christian
> >> >
> >> > -------- LOGS BELOW ---------
> >> >
> >> > All I get in radius.log is
> >> >
> >> > Mon May 14 19:50:20 2007 : Info: rlm_eap_md5: Issuing Challenge
> >> >
> >> > --------------- CISCO DEBUG RADIUS -----------------------
> >> >
> >> > *Apr 23 19:50:57.288: RADIUS/ENCODE(000000D3):Orig. component type =
> >> DOT11
> >> >
> >> > *Apr 23 19:50:57.288: RADIUS: AAA Unsupported [263] 12
> >> >
> >> > *Apr 23 19:50:57.288: RADIUS: 57 49 46 49 5F 50 52 49 56 41
> [WIFI_PRIVA]
> >> >
> >> > *Apr 23 19:50:57.288: RADIUS: AAA Unsupported [156] 3
> >> >
> >> > *Apr 23 19:50:57.288: RADIUS: 33 [3]
> >> >
> >> > *Apr 23 19:50:57.288: RADIUS(000000D3): Storing nasport 336 in rad_db
> >> >
> >> > *Apr 23 19:50:57.289: RADIUS(000000D3): Config NAS IP:
> 192.168.150.250
> >> >
> >> > *Apr 23 19:50:57.289: RADIUS/ENCODE(000000D3): acct_session_id: 82
> >> >
> >> > *Apr 23 19:50:57.289: RADIUS(000000D3): Config NAS IP:
> 192.168.150.250
> >> >
> >> > *Apr 23 19:50:57.289: RADIUS(000000D3): sending
> >> >
> >> > *Apr 23 19:50:57.290: RADIUS(000000D3): Send Access-Request to
> >> > 192.168.150.1:1812 id 1645/33, len 135
> >> >
> >> > *Apr 23 19:50:57.290: RADIUS: authenticator EA B6 33 72 6C 09 8E CF -
> >> > 84 B1 60 BB 54 B8 55 BF
> >> >
> >> > *Apr 23 19:50:57.290: RADIUS: User-Name [1] 10 "wifiuser"
> >> >
> >> > *Apr 23 19:50:57.290: RADIUS: Framed-MTU [12] 6 1400
> >> >
> >> > *Apr 23 19:50:57.290: RADIUS: Called-Station-Id [30] 16
> "0017.0e86.2cb0"
> >> >
> >> > *Apr 23 19:50:57.290: RADIUS: Calling-Station-Id [31] 16
> >> "000e.35e6.0bd0"
> >> >
> >> > *Apr 23 19:50:57.290: RADIUS: Service-Type [6] 6 Login [1]
> >> >
> >> > *Apr 23 19:50:57.291: RADIUS: Message-Authenticato[80] 18 *
> >> >
> >> > *Apr 23 19:50:57.291: RADIUS: EAP-Message [79] 15
> >> >
> >> > *Apr 23 19:50:57.291: RADIUS: 02 02 00 0D 01 77 69 66 69 75 73 65 72
> >> > [?????wifiuser]
> >> >
> >> > *Apr 23 19:50:57.291: RADIUS: NAS-Port-Type [61] 6 802.11 wireless
> [19]
> >> >
> >> > *Apr 23 19:50:57.292: RADIUS: NAS-Port [5] 6 336
> >> >
> >> > *Apr 23 19:50:57.292: RADIUS: NAS-IP-Address [4] 6 192.168.150.250
> >> >
> >> > *Apr 23 19:50:57.292: RADIUS: Nas-Identifier [32] 10 "VOICE-AP"
> >> >
> >> > *Apr 23 19:50:57.293: RADIUS: Received from id 1645/33
> >> > 192.168.150.1:1812, Access-Challenge, len 80
> >> >
> >> > *Apr 23 19:50:57.294: RADIUS: authenticator F9 A4 EE 6B E1 5A 8A AB -
> >> > F5 BD 19 CA 96 33 48 CA
> >> >
> >> > *Apr 23 19:50:57.294: RADIUS: EAP-Message [79] 24
> >> >
> >> > *Apr 23 19:50:57.294: RADIUS: 01 03 00 16 04 10 41 8F DB 50 B7 94 9A
> >> > 30 DF CE [??????A??P???0??]
> >> >
> >> > *Apr 23 19:50:57.294: RADIUS: 60 DA D1 51 EB 08 [`??Q??]
> >> >
> >> > *Apr 23 19:50:57.294: RADIUS: Message-Authenticato[80] 18 *
> >> >
> >> > *Apr 23 19:50:57.294: RADIUS: State [24] 18
> >> >
> >> > *Apr 23 19:50:57.295: RADIUS: DE 53 56 01 A4 DC 17 CD C0 B9 E0 46 DF
> >> > 21 54 FB [?SV????????F?!T?]
> >> >
> >> > *Apr 23 19:50:57.295: RADIUS(000000D3): Received from id 1645/33
> >> >
> >> > *Apr 23 19:50:57.296: RADIUS/DECODE: EAP-Message fragments, 22, total
> >> > 22 bytes
> >> >
> >> > *Apr 23 19:50:57.298: RADIUS/ENCODE(000000D3):Orig. component type =
> >> DOT11
> >> >
> >> > *Apr 23 19:50:57.298: RADIUS: AAA Unsupported [263] 12
> >> >
> >> > *Apr 23 19:50:57.299: RADIUS: 57 49 46 49 5F 50 52 49 56 41
> [WIFI_PRIVA]
> >> >
> >> > *Apr 23 19:50:57.299: RADIUS: AAA Unsupported [156] 3
> >> >
> >> > *Apr 23 19:50:57.299: RADIUS: 33 [3]
> >> >
> >> > *Apr 23 19:50:57.299: RADIUS(000000D3): Using existing nas_port 336
> >> >
> >> > *Apr 23 19:50:57.300: RADIUS(000000D3): Config NAS IP:
> 192.168.150.250
> >> >
> >> > *Apr 23 19:50:57.300: RADIUS/ENCODE(000000D3): acct_session_id: 82
> >> >
> >> > *Apr 23 19:50:57.300: RADIUS(000000D3): Config NAS IP:
> 192.168.150.250
> >> >
> >> > *Apr 23 19:50:57.300: RADIUS(000000D3): sending
> >> >
> >> > *Apr 23 19:50:57.300: RADIUS(000000D3): Send Access-Request to
> >> > 192.168.150.1:1812 id 1645/34, len 146
> >> >
> >> > *Apr 23 19:50:57.300: RADIUS: authenticator 56 F3 92 78 A7 7A 09 FA -
> >> > 99 29 51 99 7D E0 9F B3
> >> >
> >> > *Apr 23 19:50:57.301: RADIUS: User-Name [1] 10 "wifiuser"
> >> >
> >> > *Apr 23 19:50:57.301: RADIUS: Framed-MTU [12] 6 1400
> >> >
> >> > *Apr 23 19:50:57.301: RADIUS: Called-Station-Id [30] 16
> "0017.0e86.2cb0"
> >> >
> >> > *Apr 23 19:50:57.301: RADIUS: Calling-Station-Id [31] 16
> >> "000e.35e6.0bd0"
> >> >
> >> > *Apr 23 19:50:57.301: RADIUS: Service-Type [6] 6 Login [1]
> >> >
> >> > *Apr 23 19:50:57.302: RADIUS: Message-Authenticato[80] 18 *
> >> >
> >> > *Apr 23 19:50:57.302: RADIUS: EAP-Message [79] 8
> >> >
> >> > *Apr 23 19:50:57.302: RADIUS: 02 03 00 06 03 19 [??????]
> >> >
> >> > *Apr 23 19:50:57.302: RADIUS: NAS-Port-Type [61] 6 802.11 wireless
> [19]
> >> >
> >> > *Apr 23 19:50:57.302: RADIUS: NAS-Port [5] 6 336
> >> >
> >> > *Apr 23 19:50:57.302: RADIUS: State [24] 18
> >> >
> >> > *Apr 23 19:50:57.302: RADIUS: DE 53 56 01 A4 DC 17 CD C0 B9 E0 46 DF
> >> > 21 54 FB [?SV????????F?!T?]
> >> >
> >> > *Apr 23 19:50:57.302: RADIUS: NAS-IP-Address [4] 6 192.168.150.250
> >> >
> >> > *Apr 23 19:50:57.303: RADIUS: Nas-Identifier [32] 10 "VOICE-AP"
> >> >
> >> > *Apr 23 19:51:02.527: RADIUS: no sg in radius-timers: ctx 0xC2506C sg
> >> > 0x0000
> >> >
> >> > *Apr 23 19:51:02.527: RADIUS: Retransmit to (192.168.150.1:1812,1813)
> >> > for id 1645/34
> >> >
> >> > *Apr 23 19:51:02.527: RADIUS: Received from id 1645/34
> >> > 192.168.150.1:1812, Access-Reject, len 44
> >> >
> >> > *Apr 23 19:51:02.528: RADIUS: authenticator 27 C2 B4 DD 14 F9 C3 C0 -
> >> > DF 88 BD B5 DC 0D 6C 63
> >> >
> >> > *Apr 23 19:51:02.528: RADIUS: EAP-Message [79] 6
> >> >
> >> > *Apr 23 19:51:02.528: RADIUS: 04 03 00 04 [????]
> >> >
> >> > *Apr 23 19:51:02.528: RADIUS: Message-Authenticato[80] 18 *
> >> >
> >> > *Apr 23 19:51:02.529: RADIUS(000000D3): Received from id 1645/34
> >> >
> >> > *Apr 23 19:51:02.529: RADIUS/DECODE: EAP-Message fragments, 4, total
> 4
> >> > bytes
> >> >
> >> > ------------------------ CISCO DEBUG RADIUS END ---------------------
> >> >
> >> > ---------------------------------------------------------------------
> ---
> >> >
> >> > -
> >> > List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >
> >-
> >List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list