Freeradius + OpenLdap + WindowsXP(Wifi)
Kleber Larroyd
larroyd at hotmail.com
Tue Oct 13 18:30:00 CEST 2009
Freeradius 1.1.7
Openldap
Windows XP SP2 (WPA-TKIP / Protected EAP (PEAP))
Does anyone have any idea? Where can I find the solution?
When I try to connect to the FreeRADIUS server over wireless through an
access point, I get this error:
Tue Oct 13 12:00:45 2009 : Debug: Finished request 7
Tue Oct 13 12:00:45 2009 : Debug: Going to the next request
Tue Oct 13 12:00:45 2009 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.155.123:1812, id=77, length=117
User-Name = "kleberl"
NAS-IP-Address = 192.168.155.123
NAS-Port-Type = Wireless-802.11
State = 0xcdb24b80885193f00e1673d06eb7859c
EAP-Message = 0x029600261900170301001b8cfe319046bdc5f99d42805f852d4695a57e722889822c7a01be3f
Message-Authenticator = 0x9d1262ea1db0eca8f5ecaaee93e7ff1d
Tue Oct 13 12:00:45 2009 : Debug: Processing the authorize section of radiusd.conf
Tue Oct 13 12:00:45 2009 : Debug: modcall: entering group authorize for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "preprocess" returns ok for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "chap" returns noop for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "mschap" returns noop for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 8
Tue Oct 13 12:00:45 2009 : Debug: rlm_realm: No '@' in User-Name = "kleberl", looking up realm NULL
Tue Oct 13 12:00:45 2009 : Debug: rlm_realm: No such realm "NULL"
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "suffix" returns noop for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: - authorize
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: performing user authorization for kleberl
Tue Oct 13 12:00:45 2009 : Debug: radius_xlat: '(uid=kleberl)'
Tue Oct 13 12:00:45 2009 : Debug: radius_xlat: 'ou=People,dc=stars,dc=net'
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: performing search in ou=People,dc=stars,dc=net, with filter (uid=kleberl)
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: looking for check items in directory...
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: looking for reply items in directory...
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: user kleberl authorized to use remote access
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "ldap" returns ok for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: EAP packet type response id 150 length 38
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "eap" returns updated for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall: leaving group authorize (returns updated) for request 8
Tue Oct 13 12:00:45 2009 : Debug: rad_check_password: Found Auth-Type EAP
Tue Oct 13 12:00:45 2009 : Debug: auth: type "EAP"
Tue Oct 13 12:00:45 2009 : Debug: Processing the authenticate section of radiusd.conf
Tue Oct 13 12:00:45 2009 : Debug: modcall: entering group authenticate for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: Request found, released from the list
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: EAP/peap
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: processing type peap
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Authenticate
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_tls: processing TLS
Tue Oct 13 12:00:45 2009 : Debug: eaptls_verify returned 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_tls: Done initial handshake
Tue Oct 13 12:00:45 2009 : Debug: eaptls_process returned 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: EAPTLS_OK
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Session established. Decoding tunneled attributes.
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Received EAP-TLV response.
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Tunneled data is valid.
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: Handler failed in EAP/peap
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: Failed in EAP select
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authenticate]: module "eap" returns invalid for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall: leaving group authenticate (returns invalid) for request 8
Tue Oct 13 12:00:45 2009 : Debug: auth: Failed to validate the user.
Tue Oct 13 12:00:45 2009 : Debug: Delaying request 8 for 1 seconds
Tue Oct 13 12:00:45 2009 : Debug: Finished request 8
Tue Oct 13 12:00:45 2009 : Debug: Going to the next request
Tue Oct 13 12:00:45 2009 : Debug: Waking up in 6 seconds...
Tue Oct 13 12:00:51 2009 : Debug: --- Walking the entire request list ---
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 0 ID 69 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 1 ID 70 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 2 ID 71 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 3 ID 72 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 4 ID 73 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 5 ID 74 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 6 ID 75 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 7 ID 76 with timestamp 4ad4961d
Sending Access-Reject of id 77 to 192.168.155.123 port 1812
EAP-Message = 0x04960004
Message-Authenticator = 0x00000000000000000000000000000000
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 8 ID 77 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Nothing to do. Sleeping until we see a request.
# --------------- EAP.CONF ----------------
eap {
        default_eap_type = ttls
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        md5 {
        }
        mschapv2 {
        }
        tls {
                private_key_password = whatever
                private_key_file = ${raddbdir}/certs/cert-srv.pem
                certificate_file = ${raddbdir}/certs/cert-srv.pem
                CA_file = ${raddbdir}/certs/demoCA/cacert.pem
                dh_file = ${raddbdir}/certs/dh
                random_file = ${raddbdir}/certs/random
                fragment_size = 1024
        }
        ttls {
                default_eap_type = md5
                copy_request_to_tunnel = no
                use_tunneled_reply = no
        }
        peap {
                default_eap_type = mschapv2
                copy_request_to_tunnel = yes
                use_tunneled_reply = yes
                # proxy_tunneled_request_as_eap = yes
        }
}
# ---------- RADIUSD.CONF-----------------
ldap {
        server = "localhost"
        identity = "cn=admin,dc=stars,dc=net"
        password = secret55
        basedn = "ou=People,dc=stars,dc=net"
        filter = "(uid=%u)"
        start_tls = no
        #access_attr = "uid"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
}
authorize {
        preprocess
        chap
        mschap
        suffix
        ldap
        eap
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type MS-CHAP {
                mschap
        }
        eap
}
# -----------USERS ------------------
DEFAULT Auth-Type = System
        Fall-Through = 1

DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP
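An added example, not part of the original post: decoding the two EAP-Message values from the debug output above shows that the Access-Request carried a PEAP response wrapping one TLS application-data record, and that the Access-Reject carried an EAP-Failure with the same identifier (150). The function names are illustrative, and the version mask assumes the PEAP version sits in the low bits of the flags octet.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "MS-CHAPv2", 33: "EAP-TLV"}
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
               23: "application_data"}

# EAP-Message values copied from the debug log in the post.
REQUEST_EAP = ("0x029600261900170301001b8cfe319046bdc5f99d42805f852d4695"
               "a57e722889822c7a01be3f")
REPLY_EAP = "0x04960004"

def decode_peap_payload(flags, body):
    """Decode the PEAP flags octet and the first TLS record header after it."""
    info = {"peap_version": flags & 0x03,   # assumption: version in low bits
            "more_fragments": bool(flags & 0x40)}
    if flags & 0x80:                        # L bit: 4-byte TLS length first
        body = body[4:]
    if len(body) >= 5:
        ctype, major, minor, rec_len = struct.unpack("!BBBH", body[:5])
        info["tls_record"] = TLS_CONTENT.get(ctype, ctype)
        info["tls_version"] = (major, minor)
        info["tls_record_length"] = rec_len
    return info

def decode_eap(hex_value):
    """Decode the EAP header (RFC 3748) of a radiusd EAP-Message hex string."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length {length} != {len(raw)} bytes present")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:       # only Request/Response have a type
        out["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] == 25 and length > 5:
            out.update(decode_peap_payload(raw[5], raw[6:]))
    return out

if __name__ == "__main__":
    for label, value in (("Access-Request", REQUEST_EAP),
                         ("Access-Reject", REPLY_EAP)):
        print(label, decode_eap(value))
```

The decoded request agrees with the `rlm_eap: EAP packet type response id 150 length 38` line in the log, which is a quick way to confirm that a log excerpt and a packet capture describe the same exchange.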