Can't bring it to work on Centos 5.2...
Mike
freerad at reproheinatz.de
Fri Jul 3 12:24:30 CEST 2009
Dear list,
after 4 days of work and lots of google searches I'm really in need
of some help!
My Setup:
A Centos 5.2 x86_64 box, running source installations of postfix 2.5.x
and Dovecot Imap with domain and users stored in mysql, all with tls
enabled. Edimax AccessPoint 7206PDg
My goal:
Allowing User authentication for iPhone and Macs with user/password
My current Setup:
<http://www.howtoforge.com/wifi-authentication-accounting-with-freeradius-on-centos5>
I've followed this as far as possible. Only one difference: I did build
freeradius 1.1.7 from source for lack of an rpm package. I've
configured with "./configure --libdir=/usr/lib64". While it only
complains about some missing oracle odbc and other sql stuff and I don't
want to use sql I don't think that this will cause any problems.
Added a user, tested it locally on the box, no problems.
When trying to connect from an iPhone or OS X box with username@LOCAL
password I can see in the output of radiusd -X that radius finds the user
but doesn't accept him for some reason. Here is the complete output:
rad_recv: Access-Request packet from host 200.0.0.35:3072, id=111,
length=183
User-Name = "heinatz@LOCAL"
NAS-IP-Address = 200.0.0.35
NAS-Port = 0
Called-Station-Id = "001f1f0b642d"
Calling-Station-Id = "001cb35cbaf8"
NAS-Identifier = "Realtek Access Point. 8181"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02000012016865696e61747a404c4f43414c
Message-Authenticator = 0xdcc5aaa0f32561169a2a05d747304337
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: Looking up realm "LOCAL" for User-Name = "heinatz@LOCAL"
rlm_realm: Found realm "LOCAL"
rlm_realm: Adding Stripped-User-Name = "heinatz"
rlm_realm: Proxying request from user heinatz to realm LOCAL
rlm_realm: Adding Realm = "LOCAL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 0 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry heinatz at line 1
modcall[authorize]: module "files" returns ok for request 5
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 111 to 200.0.0.35 port 3072
EAP-Message = 0x010100061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3007b9dfcccdaed8744c14b1f8483417
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 200.0.0.35:3072, id=112,
length=183
User-Name = "heinatz@LOCAL"
NAS-IP-Address = 200.0.0.35
NAS-Port = 0
Called-Station-Id = "001f1f0b642d"
Calling-Station-Id = "001cb35cbaf8"
NAS-Identifier = "Realtek Access Point. 8181"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02010012016865696e61747a404c4f43414c
Message-Authenticator = 0x4ff89acc02de903bb99910a0da6f0be9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: Looking up realm "LOCAL" for User-Name = "heinatz@LOCAL"
rlm_realm: Found realm "LOCAL"
rlm_realm: Adding Stripped-User-Name = "heinatz"
rlm_realm: Proxying request from user heinatz to realm LOCAL
rlm_realm: Adding Realm = "LOCAL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 1 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry heinatz at line 1
modcall[authorize]: module "files" returns ok for request 6
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 112 to 200.0.0.35 port 3072
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x119b990a80c7f24ac94f61626e747416
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 111 with timestamp 4a4dcc9d
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 112 with timestamp 4a4dcca2
Nothing to do. Sleeping until we see a request.
I'm really at the end of my knowledge, please help,
Mike
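
Added example (not part of the original post and not FreeRADIUS code): a small decoder for the EAP-Message attribute values in the debug output above, reporting the EAP code, identifier, method type and, for TLS-based methods, the flags byte. The function and variable names are hypothetical; the hex values are copied from the log.

```python
import struct

# EAP codes and a few method types from the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}  # methods whose first data byte is a flags field
TLS_FLAGS = ((0x80, "length-included"), (0x40, "more-fragments"), (0x20, "start"))

# EAP-Message values copied from the radiusd -X output above, in order.
LOG_EAP = [
    ("request id=111", "0x02000012016865696e61747a404c4f43414c"),
    ("challenge id=111", "0x010100061520"),
    ("request id=112", "0x02010012016865696e61747a404c4f43414c"),
    ("challenge id=112", "0x010200061520"),
]

def decode_eap(hex_value):
    """Decode one unfragmented EAP packet given as a 0x-prefixed hex string."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # A long packet is split over several EAP-Message attributes;
        # those must be concatenated before decoding.
        raise ValueError("EAP length %d != %d bytes supplied" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, "code %d" % code), "id": ident}
    if code in (1, 2) and length > 4:
        eap_type, data = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(eap_type, "type %d" % eap_type)
        if eap_type == 1:
            pkt["identity"] = data.decode("utf-8", "replace")
        elif eap_type in TLS_BASED and data:
            pkt["flags"] = [name for bit, name in TLS_FLAGS if data[0] & bit]
    return pkt

def decode_log(entries=LOG_EAP):
    """Decode every logged EAP-Message, keeping the log order."""
    return [(label, decode_eap(value)) for label, value in entries]

if __name__ == "__main__":
    for label, pkt in decode_log():
        print(label, pkt)
```

For this log, both Access-Requests decode as Identity responses (ids 0 and 1) and both Access-Challenges as EAP-TTLS (type 21) requests with the start flag set (ids 1 and 2).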