FreeRadius + LDAP on WPA2
rrperez at apc.edu.ph
Sun Aug 8 18:58:24 CEST 2010
FreeRadius 2.1.7 with OpenLDAP as backend for Wireless Network
I have configured the RADIUS and LDAP servers on the same machine, which is a virtual machine by the way. I have this problem when running radtest on localhost, and I'm also having a problem with the communication between the server and the access point, because they don't respond to each other.
I really need help, ASAP...
Here is the debug output from the local radtest:
rad_recv: Access-Request packet from host 127.0.0.1 port 51734, id=11, length=58
User-Name = "etaban"
User-Password = "s3cur1ty"
NAS-IP-Address = 127.0.0.1
NAS-Port = 2
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "etaban", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 191
++[files] returns ok
[ldap] performing user authorization for etaban
[ldap] expand: %{Stripped-User-Name} ->
[ldap] expand: %{User-Name} -> etaban
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=etaban)
[ldap] expand: dc=testldap1,dc=test,dc=corpoff -> dc=testldap1,dc=test,dc=corpoff
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.96.100.206:389, authentication 0
rlm_ldap: bind as / to 10.96.100.206:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=testldap1,dc=test,dc=corpoff, with filter (uid=etaban)
[ldap] looking for check items in directory...
rlm_ldap: userPassword -> Cleartext-Password == "s3cur1ty"
rlm_ldap: userPassword -> User-Password == "s3cur1ty"
[ldap] looking for reply items in directory...
[ldap] user etaban authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
rlm_eap: EAP-Message not found
[eap] Malformed EAP Message
++[eap] returns fail
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> etaban
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 11 to 127.0.0.1 port 51734
Waking up in 4.9 seconds.
Cleaning up request 0 ID 11 with timestamp +9
Ready to process requests.
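
Added example, not part of the original post: the debug output above ends with Auth-Type = EAP chosen for a request that carried User-Password and no EAP-Message, and it prints the password in clear text. The Python sketch below flags that condition and masks password values before such output is shared; it assumes the FreeRADIUS 2.x debug line format shown above, and the names analyse, redact and SAMPLE are hypothetical.

```python
import re

# Constructed excerpt: key lines copied from the debug output in the post above.
SAMPLE = """\
User-Name = "etaban"
User-Password = "s3cur1ty"
+- entering group authorize {...}
++[preprocess] returns ok
++[eap] returns noop
++[files] returns ok
rlm_ldap: userPassword -> Cleartext-Password == "s3cur1ty"
++[ldap] returns ok
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
rlm_eap: EAP-Message not found
++[eap] returns fail
"""

SECTION = re.compile(r"^\+- entering group (\S+)")
RESULT = re.compile(r"^\++\[([\w.]+)\] returns (\w+)$")
SECRET = re.compile(r'(Password\s*[:=]=?\s*)"[^"]*"')

def redact(text):
    """Mask quoted password values so the output can be shared."""
    return SECRET.sub(r'\1"<redacted>"', text)

def analyse(text):
    """Summarise one request from debug output in the format shown above."""
    section, rep = None, {"auth_type": None, "eap_message": False,
                          "pap_skipped": False, "authorize_ok": [], "failed": []}
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m[1]
        elif m := RESULT.match(line):
            if section == "authorize" and m[2] in ("ok", "updated"):
                rep["authorize_ok"].append(m[1])  # ran before Auth-Type was chosen
            elif m[2] in ("fail", "reject"):
                rep["failed"].append((section, m[1]))
        elif line.startswith("Found Auth-Type = "):
            rep["auth_type"] = line.rsplit(" ", 1)[1]
        elif re.match(r"EAP-Message\s*=", line):
            rep["eap_message"] = True             # request attribute, not a module log line
        elif "Found existing Auth-Type" in line:
            rep["pap_skipped"] = True             # pap left the request to another module
    rep["eap_forced_on_non_eap"] = rep["auth_type"] == "EAP" and not rep["eap_message"]
    return rep

if __name__ == "__main__":
    print(analyse(SAMPLE))
    print(redact(SAMPLE))
```

The authorize_ok list names the modules that returned ok or updated during authorize, which is where to look for whatever set Auth-Type before pap ran.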