FreeRadius authentication problems

Taneli Virtanen virtanentaneli at gmail.com
Mon Dec 3 12:10:53 CET 2012


Hello,

I'm currently having some trouble with FreeRadius authentication. Posting
my troubles at the Ubuntu forums didn't seem to help much, so I'm trying my
hand here at the mailing lists.

Here is the situation:

We have recently aquired a Ruckus Zone director to manage our networks. We
then wanted to have a Radius server to authenticate users thourgh their mac
address. So, I installed Ubuntu, followed some basic tutorials and got all
the way up to the point where I can join the radius controlled network.
Problem is that while connected to this wireless network, I can't connect
to internet and get booted from it in less than a minute with no message in
radius debug for me to solve this problem.

Here is the debug when connecting to the radius network:


Ready to process requests.
rad_recv: Access-Request packet from host 192.168.154.12 port 1065, id=9,
length=168
    User-Name = "Client mac address here"
    User-Password = "Client mac address here"
    Calling-Station-Id = "Client mac address here"
    NAS-IP-Address = 192.168.154.12
    Called-Station-Id = "Ruckus mac address here:opetusx"
    Service-Type = Framed-User
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "Ruckus mac address here"
    Vendor-25053-Attr-3 = 0x6f706574757378
    Message-Authenticator = 0xa7676bfa2ace5b4ba05356c35cac255a

# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[authorized_macs]     expand: %{Calling-Station-ID} -> Client mac address
here
[authorized_macs] users: Matched entry Client mac address here at line 2
++[authorized_macs] returns ok
++? if (!ok)
? Evaluating !(ok) -> FALSE
++? if (!ok) -> FALSE
++- entering else else {...}
+++? if (!EAP-message)
? Evaluating !(EAP-message) -> TRUE
+++? if (!EAP-message) -> TRUE
+++- entering if (!EAP-message) {...}
++++[control] returns ok
+++- if (!EAP-message) returns ok
++- else else returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "Client mac address here", looking up realm
NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user

# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 9 to 192.168.154.12 port 1065
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 9 with timestamp +7
Ready to process requests.


I followed the plain mac auth guide to get this far, and the system sort of
works, but not quite. So the configs must be out of whack somehow, but
since radius doesn't give any debug info when I get booted out of the
network I'm at loss here. Any help?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121203/75fe49bf/attachment.html>


More information about the Freeradius-Users mailing list