Problem with freeradius + openldap for AP authentication

Michael Schwartzkopff misch at schwartzkopff.org
Mon Nov 26 10:29:10 CET 2012 

> Hiya
> 
> I need some help to configure freeradius with openldap. I have a ldap
> database which stores password in SSHA format, so i choose PAP for
> authentication. I want to use freeradius to authenticate on a netgear Wifi
> access point.
> 
> (http://deployingradius.com/documents/protocols/compatibility.html)
> 
> I've set up the AP in client freeradius in clients.conf, with a secret and
> shortname like in documentation.
> 
> Next i've put auto_header = yes in pap.conf
> And uncomment the line ldap to activate module in /site-enable/default
> 
> When i start server in debug mode, authorization works fine but server have
> problems to authentication step and i don't understand why
> Here is the debug comments :
> 
> rad_recv: Access-Request packet from host 192.168.0.201 port 32774, id=85,
> length=169 User-Name = "cyril"
>         NAS-IP-Address = 192.168.0.201
>         NAS-Identifier = "hello"
>         NAS-Port = 0
>         Called-Station-Id = "4C-60-DE-D2-22-61:easyBridge2"
>         Calling-Station-Id = "7C-C5-37-14-16-C9"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 0Mbps 802.11b"
>         EAP-Message = 0x0200000e016e6c61746869657265
>         Message-Authenticator = 0x2bf3ec3446adc97ea15c4c160ee8b0bbThu Nov
> 22 15:04:36 2012 :
> 

Since your 802.1x supplicant does not send a User-Password it seems that you 
configured some kind of EAP (802.1x) in the network authentications settings of 
your client (notebook). You also have a EAP-Message attribute in your Access-
Request packet.

And according to the protocol compatibility matrix you mentioned, SSHA and 
*EAP will not work.

-- 
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München

Tel: (0163) 172 50 98
Fax: (089) 620 304 13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121126/6ff0854e/attachment.pgp>

More information about the Freeradius-Users mailing list