Freeradius + OpenLdap + WindowsXP(Wifi)

Kleber Larroyd larroyd at hotmail.com
Tue Oct 13 18:30:00 CEST 2009



Freeradius 1.1.7
Openldap 
Windows XP SP2 (WPA-TKIP / Protected EAP (PEAP))

Does anyone have any idea? Where can I find the solution?
When I try to connect to the FreeRADIUS server over wireless through
an access point, I get this error:


Tue Oct 13 12:00:45 2009 : Debug: Finished request 7
Tue Oct 13 12:00:45 2009 : Debug: Going to the next request
Tue Oct 13 12:00:45 2009 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.155.123:1812, id=77, length=117
    User-Name = "kleberl"
    NAS-IP-Address = 192.168.155.123
    NAS-Port-Type = Wireless-802.11
    State = 0xcdb24b80885193f00e1673d06eb7859c
    EAP-Message = 0x029600261900170301001b8cfe319046bdc5f99d42805f852d4695a57e722889822c7a01be3f
    Message-Authenticator = 0x9d1262ea1db0eca8f5ecaaee93e7ff1d
Tue Oct 13 12:00:45 2009 : Debug:   Processing the authorize section of radiusd.conf
Tue Oct 13 12:00:45 2009 : Debug: modcall: entering group authorize for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: calling preprocess (rlm_preprocess) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modcall[authorize]: module "preprocess" returns ok for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: calling chap (rlm_chap) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: returned from chap (rlm_chap) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modcall[authorize]: module "chap" returns noop for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: calling mschap (rlm_mschap) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: returned from mschap (rlm_mschap) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modcall[authorize]: module "mschap" returns noop for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) for request 8
Tue Oct 13 12:00:45 2009 : Debug:     rlm_realm: No '@' in User-Name = "kleberl", looking up realm NULL
Tue Oct 13 12:00:45 2009 : Debug:     rlm_realm: No such realm "NULL"
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: returned from suffix (rlm_realm) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modcall[authorize]: module "suffix" returns noop for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: calling ldap (rlm_ldap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: - authorize
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: performing user authorization for kleberl
Tue Oct 13 12:00:45 2009 : Debug: radius_xlat:  '(uid=kleberl)'
Tue Oct 13 12:00:45 2009 : Debug: radius_xlat:  'ou=People,dc=stars,dc=net'
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: performing search in ou=People,dc=stars,dc=net, with filter (uid=kleberl)
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: looking for check items in directory...
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: looking for reply items in directory...
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: user kleberl authorized to use remote access
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: returned from ldap (rlm_ldap) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modcall[authorize]: module "ldap" returns ok for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: calling eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap: EAP packet type response id 150 length 38
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authorize]: returned from eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modcall[authorize]: module "eap" returns updated for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall: leaving group authorize (returns updated) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   rad_check_password:  Found Auth-Type EAP
Tue Oct 13 12:00:45 2009 : Debug: auth: type "EAP"
Tue Oct 13 12:00:45 2009 : Debug:   Processing the authenticate section of radiusd.conf
Tue Oct 13 12:00:45 2009 : Debug: modcall: entering group authenticate for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authenticate]: calling eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap: Request found, released from the list
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap: EAP/peap
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap: processing type peap
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap_peap: Authenticate
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap_tls: processing TLS
Tue Oct 13 12:00:45 2009 : Debug:   eaptls_verify returned 7 
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap_tls: Done initial handshake
Tue Oct 13 12:00:45 2009 : Debug:   eaptls_process returned 7 
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap_peap: EAPTLS_OK
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap_peap: Session established.  Decoding tunneled attributes.
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap_peap: Received EAP-TLV response.
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap_peap: Tunneled data is valid.
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected earlier in this session.
Tue Oct 13 12:00:45 2009 : Debug:  rlm_eap: Handler failed in EAP/peap
Tue Oct 13 12:00:45 2009 : Debug:   rlm_eap: Failed in EAP select
Tue Oct 13 12:00:45 2009 : Debug:   modsingle[authenticate]: returned from eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug:   modcall[authenticate]: module "eap" returns invalid for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall: leaving group authenticate (returns invalid) for request 8
Tue Oct 13 12:00:45 2009 : Debug: auth: Failed to validate the user.
Tue Oct 13 12:00:45 2009 : Debug: Delaying request 8 for 1 seconds
Tue Oct 13 12:00:45 2009 : Debug: Finished request 8
Tue Oct 13 12:00:45 2009 : Debug: Going to the next request
Tue Oct 13 12:00:45 2009 : Debug: Waking up in 6 seconds...
Tue Oct 13 12:00:51 2009 : Debug: --- Walking the entire request list ---
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 0 ID 69 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 1 ID 70 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 2 ID 71 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 3 ID 72 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 4 ID 73 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 5 ID 74 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 6 ID 75 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 7 ID 76 with timestamp 4ad4961d
Sending Access-Reject of id 77 to 192.168.155.123 port 1812
    EAP-Message = 0x04960004
    Message-Authenticator = 0x00000000000000000000000000000000
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 8 ID 77 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Nothing to do.  Sleeping until we see a request.



# --------------- EAP.CONF ----------------

eap {
   default_eap_type = ttls
   timer_expire = 60
   ignore_unknown_eap_types = no
   cisco_accounting_username_bug = no
      
   md5 {
   }
    
   mschapv2 {
   }
    
   tls {
      private_key_password = whatever
      private_key_file = ${raddbdir}/certs/cert-srv.pem
      certificate_file = ${raddbdir}/certs/cert-srv.pem
      CA_file = ${raddbdir}/certs/demoCA/cacert.pem
      dh_file = ${raddbdir}/certs/dh
      random_file = ${raddbdir}/certs/random
      fragment_size = 1024
   }

   ttls {
      default_eap_type = md5
      copy_request_to_tunnel = no
      use_tunneled_reply = no
   }
   peap {
      default_eap_type = mschapv2
      copy_request_to_tunnel = yes
      use_tunneled_reply = yes
      # proxy_tunneled_request_as_eap = yes
   }

}

# ---------- RADIUSD.CONF-----------------

   ldap {
                server = "localhost"
                identity = "cn=admin,dc=stars,dc=net"
                password = secret55
                basedn = "ou=People,dc=stars,dc=net"
                filter = "(uid=%u)"
                start_tls = no
                #access_attr = "uid"
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                timeout = 4
                timelimit = 3
                net_timeout = 1
        }

authorize {
        preprocess
        chap
        mschap
        suffix
        ldap
        eap
}

authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type MS-CHAP {
                mschap
        }
        eap
}

# -----------USERS ------------------

DEFAULT    Auth-Type = System
    Fall-Through = 1
DEFAULT    Service-Type == Framed-User
    Framed-IP-Address = 255.255.255.254,
    Framed-MTU = 576,
    Service-Type = Framed-User,
    Fall-Through = Yes
DEFAULT    Framed-Protocol == PPP
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT    Hint == "CSLIP"
    Framed-Protocol = SLIP,
    Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT    Hint == "SLIP"
    Framed-Protocol = SLIP

 		 	   		  