thx 4 openSSL & one more question
ds14.kornel
ds14.kornel at gmail.com
Wed May 5 16:15:00 CEST 2010
Hi
Thanks for the last advice on the freeradius installation + peap on debian lenny
Now I have no problem with enabling peap :)
this time I'm asking for help with some other problem:
I'm trying to enable WPA2 Enterprise authentication on my access points.
When trying to auth my wireless client I'm getting sth like this in log :
Wed May 5 15:09:25 2010 : Auth: Login incorrect: [karol/<no User-Password attribute>] (from client AP1 port 0 cli 0022431380c4)
where :
0022431380c4 is my wireless MAC address (laptop)
client AP1 is my Access Point client from clients.conf
karol - is my user from users.conf
it looks like freeradius doesn't want to look inside the password field
and can't recognize the laptop IP (getting the MAC)
Please give me some advice - what's next?
Here is my debug.
Kill-9:/home/kornel# freeradius -X
FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 3 2010 at 15:51:52
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = yes
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = yes
dead_time = 120
wake_all_if_all_dead = no
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 172.16.0.16 { ---------------------- Client IP address
require_message_authenticator = no
secret = "tajne1234"
shortname = "eee"
}
client 192.168.10.50 { ---------------------- AP IP address
require_message_authenticator = no
secret = "tajne1234"
shortname = "AP1"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = yes
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server {
modules {
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 1812
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
*AND here is an authenticate attempt debug*
rad_recv: Access-Request packet from host 192.168.10.50 port 2054, id=148, length=169
User-Name = "karol"
NAS-IP-Address = 192.168.10.50 ---------------------- AP IP address
NAS-Port = 0
Called-Station-Id = "00265abab28d" ---------------------- AP MAC address
Calling-Station-Id = "0022431380c4" ---------------------- Client MAC address
NAS-Identifier = "Realtek Access Point. 8186"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000b016d617263696e
Message-Authenticator = 0x2ea50a302a451ed3b32b748a23fe00e3
WARNING: Empty section. Using default return values.
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [karol/<no User-Password attribute>] (from client AP1 port 0 cli 0022431380c4)
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 148 to 192.168.10.50 port 2054
Waking up in 4.9 seconds.
Client's system is eeebuntu and I'm sure that on the client and on the AP
everything is ok because when I'm connecting to another freeradius
server - it's working fine (unfortunately I don't have access to
those confs) in addition - temporarily I accepted all connections from
those two IPs on my firewall to be 100% sure that it's not a connection
issue.
Thank you for your time and knowledge sharing.
--
LAN Administrator of DS14
Kornel Kornatka
room 529
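
Added example (not part of the original post and not FreeRADIUS code): the Access-Request in the debug output carries an EAP-Message attribute instead of User-Password, and this Python code decodes that attribute's value as an EAP packet following RFC 3748. The name parse_eap and the lookup tables are illustrative, and the code assumes the whole EAP packet fits in a single EAP-Message attribute.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

# EAP-Message value copied from the Access-Request in the debug output above.
SAMPLE_EAP_MESSAGE = "0x0200000b016d617263696e"


def parse_eap(hex_value):
    """Decode one EAP packet from the hex string radiusd prints for EAP-Message."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs at least 4 bytes")

    # Header: Code (1 byte), Identifier (1 byte), Length (2 bytes, big endian).
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in EAP_CODES:
        raise ValueError("unknown EAP code %d" % code)
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the data received")

    packet = {"code": EAP_CODES[code], "id": ident, "length": length}

    # Only Request and Response carry a Type byte and type data;
    # Success and Failure are the bare 4-byte header.
    if code in (1, 2):
        if length < 5:
            raise ValueError("Request/Response is missing its Type byte")
        eap_type = raw[4]
        packet["type"] = EAP_TYPES.get(eap_type, "unknown(%d)" % eap_type)
        data = raw[5:length]  # bytes past Length are padding and are ignored
        if eap_type == 1:
            # Identity type data is the identity string itself.
            packet["identity"] = data.decode("utf-8", errors="replace")
        else:
            packet["type_data"] = data.hex()
    return packet


if __name__ == "__main__":
    print(parse_eap(SAMPLE_EAP_MESSAGE))
```

For the value in the debug output this returns an EAP Response of type Identity, which is the first message of an EAP exchange and contains no password.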