FreeRadius on MacOS X Server
Andreas Hubert
ahu at censhare.de
Fri Aug 13 15:28:34 CEST 2010
Hi all,
I need help with freeradius 2.1.3 on MacOS X Server. On the Apple discussion forum I don't get any answers. :(
Using this version:
radiusd: FreeRADIUS Version 2.1.3, for host i386-apple-darwin10.0, built on Feb 11 2010 at 02:25:02
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
In short, Apple is trying to make it easy: with serveradmin you can just add an Apple Airport and it will be configured automatically for RADIUS authentication with the Open Directory server. If I then try to connect to the WLAN, I see this message in the RADIUS log:
Fri Aug 13 14:46:50 2010 : Auth: rlm_opendirectory: User <ahu> is authorized.
Fri Aug 13 14:46:59 2010 : Error: rlm_eap: No EAP session matching the State variable.
I also activated debug mode and this came out:
radiusd: #### Opening IP addresses and Ports ####
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.214.100 port 65527, id=35, length=162
User-Name = "ahu"
NAS-IP-Address = 192.168.214.100
NAS-Port = 0
Called-Station-Id = "00-1C-B3-AD-38-07:Andreas Huberts Netzwerk"
Calling-Station-Id = "00-25-00-41-AD-F3"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x02eb000801616875
Message-Authenticator = 0xbf4e12e4c08fe497d93f036e78d9629d
rlm_opendirectory: The host 192.168.214.100 does not have an access group.
rlm_opendirectory: User <ahu> is authorized.
Sending Access-Challenge of id 35 to 192.168.214.100 port 65527
EAP-Message = 0x01ec00061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7643105976af05ff18e41e4ad6d190e3
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.214.100 port 65527, id=36, length=336
User-Name = "ahu"
NAS-IP-Address = 192.168.214.100
NAS-Port = 0
Called-Station-Id = "00-1C-B3-AD-38-07:Andreas Huberts Netzwerk"
Calling-Station-Id = "00-25-00-41-AD-F3"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x02ec00a415800000009a16030100950100009103014c65432b508949d3aa234f3918396b1fcd3fc7210ed299f0517fadf848a1e035000056c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a00170019000101000012000a00080006001700180019000b00020100
State = 0x7643105976af05ff18e41e4ad6d190e3
Message-Authenticator = 0x8d68f17c3a5ee3cd61864c91fddc73be
Sending Access-Challenge of id 36 to 192.168.214.100 port 65527
EAP-Message = 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
EAP-Message = 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
EAP-Message = 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
EAP-Message = 0x83749dba69683b8f0974b4744e39aa1dba0cf926299a0d3f6e674d90fc70398fb49e2523dbbb00dcd54da3ec354dab350c190b5f3b7b2b2e032f63bf898e8ba323724abc12b4baad64938e8d1baebafebf9715debd36a2f7c59816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7643105977ae05ff18e41e4ad6d190e3
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.214.100 port 65527, id=37, length=510
User-Name = "ahu"
NAS-IP-Address = 192.168.214.100
NAS-Port = 0
Called-Station-Id = "00-1C-B3-AD-38-07:Andreas Huberts Netzwerk"
Calling-Station-Id = "00-25-00-41-AD-F3"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 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
EAP-Message = 0x720b129c78752985cb0a418707b6eef0374ac4d38d144f7a14030100010116030100300150ef833c69851dae48a01e85bb4873fbec4399dc0b7c132a9953846b3e91139f90a88397a05d1ee2550874bac964fd
State = 0x7643105977ae05ff18e41e4ad6d190e3
Message-Authenticator = 0xd4d3f8e0f2568572259589129bc719af
Sending Access-Challenge of id 37 to 192.168.214.100 port 65527
EAP-Message = 0x01ee004515800000003b1403010001011603010030bbda33956ff9087b5291d1bf33e7bd7783b7e5a8334901c991146359bea1295b708aacf8a4f66486889750fe3f6c8969
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7643105974ad05ff18e41e4ad6d190e3
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.214.100 port 65527, id=37, length=510
Sending Access-Challenge of id 37 to 192.168.214.100 port 65527
Waking up in 1.9 seconds.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.214.100 port 65527, id=37, length=510
User-Name = "ahu"
NAS-IP-Address = 192.168.214.100
NAS-Port = 0
Called-Station-Id = "00-1C-B3-AD-38-07:Andreas Huberts Netzwerk"
Calling-Station-Id = "00-25-00-41-AD-F3"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x02ed015015800000014616030101061000010201003cab4843d2e07fc6be3d8b609e4395e7e8d5384784d6d5167707d57acef126ef7ddc80bc88a4b8f5f62b8835d29067c57e8df4bf447dedc7901e912503e6b6282fe347ecaef6e444d1a1604a7aab2e06b10cd8c3b38dfdb8bc81e29f65eb8adc9477d68b85c228a592ccef185805be2f0bba92fe1958463313524f300aac5254e0638e7dfdfcacc4e1b0c52059cf01976a2aa0b26840002494217b09341b868d71f4d6a8ee9ba71016e6fa19234f6e3e51d6676a92b942fcb0b214aa662d1ee46b49cd8ecf9c6a7983806d666cf879408500c3317630b192645a397edf5a36099d41b3a4fa10c2ff
EAP-Message = 0x720b129c78752985cb0a418707b6eef0374ac4d38d144f7a14030100010116030100300150ef833c69851dae48a01e85bb4873fbec4399dc0b7c132a9953846b3e91139f90a88397a05d1ee2550874bac964f
State = 0x7643105977ae05ff18e41e4ad6d190e3
Message-Authenticator = 0xd4d3f8e0f2568572259589129bc719af
rlm_eap: No EAP session matching the State variable.
[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
Waking up in 0.9 seconds.
Sending Access-Reject of id 37 to 192.168.214.100 port 65527
Waking up in 4.9 seconds.
Ready to process requests.
Does anyone know what could be wrong here?
I hope I can find some helpful people here, rather than in the Apple discussion forum, where nobody knows this stuff in depth.
Thanks
Andreas
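
An added example, not part of the original post: a small Python helper for reading a debug trace in the format above. It pairs the State in each Access-Request with the State the server issued in its latest Access-Challenge and flags any request that carries a different one, which is the mismatch visible in the final id=37 request above. The function names, the sample trace and its addresses are constructed, and a single EAP conversation per trace is assumed.

```python
import re

# Constructed trace in the debug format shown above (State values shortened).
SAMPLE = """\
rad_recv: Access-Request packet from host 192.0.2.10 port 65527, id=35, length=162
Sending Access-Challenge of id 35 to 192.0.2.10 port 65527
    State = 0xaa01
rad_recv: Access-Request packet from host 192.0.2.10 port 65527, id=36, length=336
    State = 0xaa01
Sending Access-Challenge of id 36 to 192.0.2.10 port 65527
    State = 0xaa02
rad_recv: Access-Request packet from host 192.0.2.10 port 65527, id=37, length=510
    State = 0xaa02
Sending Access-Challenge of id 37 to 192.0.2.10 port 65527
    State = 0xaa03
rad_recv: Access-Request packet from host 192.0.2.10 port 65527, id=37, length=510
    State = 0xaa02
Sending Access-Reject of id 37 to 192.0.2.10 port 65527
"""

HEADER = re.compile(r"^(rad_recv: |Sending )(Access-[\w-]+).*?\bid[= ](\d+)")
STATE = re.compile(r"^\s*State = (0x[0-9a-fA-F]+)")

def parse_packets(text):
    """Return one dict per packet: dir, code, id, state (None if not printed)."""
    packets = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            direction = "recv" if m.group(1).startswith("rad_recv") else "sent"
            packets.append({"dir": direction, "code": m.group(2),
                            "id": int(m.group(3)), "state": None})
        elif packets and (s := STATE.match(line)):
            packets[-1]["state"] = s.group(1).lower()
    return packets

def find_stale_states(packets):
    """Flag requests whose State differs from the latest challenge's State."""
    issued, current, findings = [], None, []
    for p in packets:
        if p["dir"] == "sent" and p["code"] == "Access-Challenge":
            current = p["state"]
            issued.append(current)
        elif p["dir"] == "recv" and p["state"] is not None and p["state"] != current:
            kind = "superseded" if p["state"] in issued else "unknown"
            findings.append((p["id"], p["state"], kind))
    return findings
```

Requests logged without attributes (the duplicate-packet lines in the trace) and the first request of a conversation carry no State and are skipped rather than flagged.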