radlogin works, mobile device not

Mihajlo Joksimovic mihajlo.joksimovic at adfinis-sygroup.ch
Tue Sep 11 08:30:26 CEST 2012 

Personally i want freeradius just to work with IPhones or other devices.

But the debug mode doesnt show any try to connect to LDAP.

rad_recv: Access-Request packet from host 10.119.12.2 port 1313, id=19,
length=197
    Message-Authenticator = 0xb75eef411ae5dd032df4d51d75b5174e
    Service-Type = Framed-User
    User-Name = "nadine.bosshard"
    Framed-MTU = 1488
    Called-Station-Id = "204E7FE98EF3:TCSVO-Intern"
    Calling-Station-Id = "9803D861E85C"
    NAS-Identifier = "aptcsvo02"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x02000014016e6164696e652e626f737368617264
    NAS-IP-Address = 10.119.12.2
    NAS-Port = 1
    NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "nadine.bosshard", looking up realm
NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 0 length 20
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_unix: [nadine.bosshard]: invalid shell [/bin/false]
++[unix] returns reject
Invalid user: [nadine.bosshard/<via Auth-Type = EAP>] (from client
aptcsvo02 port 1 cli 9803D861E85C)
  Found Post-Auth-Type Reject
+- entering group REJECT
    expand: %{User-Name} -> nadine.bosshard
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 10.119.12.2 port 1313, id=19,
length=197
Waiting to send Access-Reject to client aptcsvo02 port 1313 - ID: 19
Sending delayed reject for request 1
Sending Access-Reject of id 19 to 10.119.12.2 port 1313
Waking up in 4.9 seconds.
Cleaning up request 1 ID 19 with timestamp +53655
Ready to process requests.
rad_recv: Access-Request packet from host 10.119.12.2 port 1314, id=20,
length=197
    Message-Authenticator = 0x0893415ae4d24bc109a2109f68e2035b
    Service-Type = Framed-User
    User-Name = "nadine.bosshard"
    Framed-MTU = 1488
    Called-Station-Id = "204E7FE98EF3:TCSVO-Intern"
    Calling-Station-Id = "9803D861E85C"
    NAS-Identifier = "aptcsvo02"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x02000014016e6164696e652e626f737368617264
    NAS-IP-Address = 10.119.12.2
    NAS-Port = 1
    NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "nadine.bosshard", looking up realm
NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 0 length 20
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_unix: [nadine.bosshard]: invalid shell [/bin/false]
++[unix] returns reject
Invalid user: [nadine.bosshard/<via Auth-Type = EAP>] (from client
aptcsvo02 port 1 cli 9803D861E85C)
  Found Post-Auth-Type Reject
+- entering group REJECT
    expand: %{User-Name} -> nadine.bosshard
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 10.119.12.2 port 1314, id=20,
length=197
Waiting to send Access-Reject to client aptcsvo02 port 1314 - ID: 20
Sending delayed reject for request 2
Sending Access-Reject of id 20 to 10.119.12.2 port 1314
Waking up in 4.9 seconds.
Cleaning up request 2 ID 20 with timestamp +53680
Ready to process requests.

I now configured the whole thing new.
But I dont find any entries in logs, which give me a hint what my
problem with LDAP is...

Thanks for the help...

Mihajlo Joksimovic

Am 09/07/2012 04:41 PM, schrieb Fajar A. Nugraha:
> On Fri, Sep 7, 2012 at 8:37 PM, Mihajlo Joksimovic
> <mihajlo.joksimovic at adfinis-sygroup.ch> wrote:
>> ii  freeradius
>> 2.0.4+dfsg-6.61.201011221519               a high-performance and highly
>> configurable R
>>
>> it's version 2.0.4.
> Upgrade.
>
>> well i deactivated inner tunnel and configured everything in default. is
>> that wrong?
> If you want to use EAP, it's VERY wrong.
>

-- 
Adfinis SyGroup AG
Mihajlo Joksimovic, System Engineer

Güterstrasse 86 | CH-4053 Basel
Tel. 061 333 80 33

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120911/fafb8d97/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120911/fafb8d97/attachment-0001.pgp>

More information about the Freeradius-Users mailing list