windows cisco radius opendlap

alois blasbichler alois.blasbichler at sb-brixen.it
Thu Apr 10 14:50:10 CEST 2008


Hello list

I am trying to let authenticate my users with radius/ldap before he  
can enter with hers windows-xp-clients my wireles-lan.
We use a Cisco wireless lan controller 4400.
We use opendlap for the users attributes : name, password(md5), sambapasswords

But i cant get login to my WLAN with an windows-xp-client.
Below is the log

To explain the log : 10.53.240.10  is my cisco wireless lan controller
The mac of my windows-xp-client is : 00-0E-35-5A-86-69
The username i tried is "test".

The strange for me is that at the end i see:
Login OK: [test] (from client cisco port 29 cli 00-0E-35-5A-86-69)

But i see this message also when i use a wrong password

Is this a miskonfiguration of my cisco ?


I hope somebody can give me a help
luis
###################################################################
modcall: entering group authorize for request 284
   modcall[authorize]: module "preprocess" returns ok for request 284
   modcall[authorize]: module "chap" returns noop for request 284
   rlm_eap: EAP packet type notification id 32 length 6
   rlm_eap: EAP Start not found
   modcall[authorize]: module "eap" returns updated for request 284
     rlm_realm: No '@' in User-Name = "test", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 284
     users: Matched DEFAULT at 162
     users: Matched DEFAULT at 181
   modcall[authorize]: module "files" returns ok for request 284
   modcall[authorize]: module "mschap" returns noop for request 284
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=sb-brixen,dc=it'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=sb-brixen,dc=it, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by radiusFilterId
rlm_ldap: Added password {MD5}z+0c65+jByhDM1ldJwmp9w== in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [U & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value  
54D7A5EF2DC6130A2831D83B84846A87 &
op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value  
DB6CF596B290E59AC2265B23734E0DAC &
op=21
rlm_ldap: Adding userPassword as User-Password, value { & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value pippoisok & op=11
rlm_ldap: user test authorized to use remote access
ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 284
modcall: group authorize returns updated for request 284
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 284
   rlm_eap: EAP packet type notification id 32 length 6
   rlm_eap: EAP Start not found
   rlm_eap: Request found, released from the list
   rlm_eap: EAP NAK
   rlm_eap: Unknown EAP type 21, reverting to default_eap_type
   rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
   modcall[authenticate]: module "eap" returns ok for request 284
modcall: group authenticate returns ok for request 284
Login OK: [test] (from client cisco port 29 cli 00-0E-35-5A-86-69)
Sending Access-Challenge of id 121 to 10.53.240.10:32769
         Framed-IP-Address = 255.255.255.254
         Framed-MTU = 576
         Service-Type = Framed-User
         Filter-Id = "pippoisok"
         EAP-Message = 0x0121001604108dbc391981d5f73f5291db28b51df479
         Message-Authenticator = 0x00000000000000000000000000000000
         State =  
0x0fa7d26d9c7e4f52a6000443ea25ea878bdefd47999b2dd4735b2e46aefd2e0102593e6b
Finished request 284
Going to the next request
Waking up in 5 seconds...
###################################################################




More information about the Freeradius-Users mailing list