Wireless WPA2 enterprise Radius authentication
midnightsteel
midnightsteel at msn.com
Tue Oct 26 14:10:02 CEST 2010
I'm running freeradius 2.1.9-1. I will run the debug test when I get home
later.
The funny thing is, it could be just 1 small setting that I missed. This is
a pain.
I have Windows Vista/7 clients connecting to a Cisco E3000 wireless router
(WPA2 Enterprise) authenticating to > freeradius 2.1.9-1 > authenticating to
389-DS-1.2.1-1 (Fedora Directory Service).
Do you have any sample configs that work with a setup as mentioned above?
From: Phil Mayers [via FreeRadius]
[mailto:ml-node+3236704-1217559822-142716 at n5.nabble.com]
Sent: Tuesday, October 26, 2010 4:41 AM
To: midnightsteel
Subject: Re: Wireless WPA2 enterprise Radius authentication
On 10/26/2010 03:59 AM, midnightsteel wrote:
>
> Has anyone gotten Freeradius 2.x and LDAP (OpenLDAP, FDS, etc...) to properly
> authenticate users?
>
> I get the following in my radius log
>
> Auth: Login incorrect: [wii/<via Auth-Type = EAP>] (from client access port 0 via TLS tunnel)
> Auth: Login incorrect: [wii/<via Auth-Type = EAP>] (from client access port 14 cli 78e400881f19)
>
>
> This is driving me crazy. I can authenticate users from the radius server to
> ldap but not from the access point to radius to ldap
>
> If anyone has gotten it to work please post the example config files that
> you used. I'm open to answer any questions that you may have about my
> configs.
>
> Access point using WPA2-Enterprise>> Freeradius 2.x>> 389-DS(Fedora LDAP)
>
Yes, people have used LDAP to authenticate 802.1x.
Run the server in debug mode (I should get a keyboard macro to type
this) and look at the output:
radiusd -X | tee logfile
...as you make an authentication attempt. Chances are if you read that
debug output (as suggested in the README) you'll see the problem. If not
post the full debug output here.
In brief:
1. Your ldap server needs to contain the password hash(es) appropriate
for your method of authentication(s) - or better yet the plaintext - and
the freeradius binddn must be able to see them
2. The attribute names should match ldap.attrmap, or you should update it.
You said "FreeRadius 2.x". That's a bit vague. What is the actual version?
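Point 1 of the quoted reply, as an added example that is not part of the original thread and is not FreeRADIUS code: a Python table of which stored password forms let a RADIUS server verify which authentication method, applied to LDAP entries. The entries and hash values are constructed samples, and `sambaNTPassword` as the attribute holding the NT hash is an assumption.

```python
import re

# Added illustration, not FreeRADIUS code. Stored password forms that let the
# RADIUS server verify each method; one-way hashes only work when the server
# receives the password itself (PAP, directly or inside a TLS tunnel).
ONE_WAY = {"CRYPT", "MD5", "SMD5", "SHA", "SSHA"}
COMPAT = {
    "PAP": {"CLEARTEXT", "NT"} | ONE_WAY,
    "EAP-TTLS/PAP": {"CLEARTEXT", "NT"} | ONE_WAY,
    "CHAP": {"CLEARTEXT"},
    "EAP-MD5": {"CLEARTEXT"},
    "MS-CHAPv2": {"CLEARTEXT", "NT"},
    "PEAP/MS-CHAPv2": {"CLEARTEXT", "NT"},
}
NT_ATTRS = {"sambantpassword"}  # assumed attribute holding the NT hash

def stored_forms(entry):
    """Return the set of password forms present in one LDAP entry (dict)."""
    forms = set()
    for attr, values in entry.items():
        for value in values:
            if attr.lower() in NT_ATTRS:
                # An NT hash is 16 bytes, written as 32 hex digits.
                if re.fullmatch(r"[0-9A-Fa-f]{32}", value):
                    forms.add("NT")
            elif attr.lower() == "userpassword":
                m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
                # No {SCHEME} prefix means the value is the plaintext.
                scheme = m.group(1).upper() if m else "CLEARTEXT"
                forms.add("CLEARTEXT" if scheme == "CLEAR" else scheme)
    return forms

def usable_methods(entry):
    """Methods the server can verify with what this entry stores."""
    forms = stored_forms(entry)
    return sorted(m for m, ok in COMPAT.items() if forms & ok)

# Constructed sample entries (values are not real hashes of anything).
SSHA_ONLY = {"userPassword": ["{SSHA}Y29uc3RydWN0ZWQtc2FtcGxl"]}
WITH_NT = dict(SSHA_ONLY, sambaNTPassword=["0123456789ABCDEF0123456789ABCDEF"])
PLAINTEXT = {"userPassword": ["constructed-secret"]}

if __name__ == "__main__":
    for name, e in [("SSHA only", SSHA_ONLY), ("SSHA + NT", WITH_NT),
                    ("plaintext", PLAINTEXT)]:
        print(f"{name:10} -> {', '.join(usable_methods(e))}")
```

A scheme that is not in the table yields no usable methods, so an empty result means "check the stored form", not "the method is broken".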