radlogin works, mobile device not
Fajar A. Nugraha
list at fajar.net
Tue Sep 11 11:06:07 CEST 2012
On Tue, Sep 11, 2012 at 3:54 PM, Mihajlo Joksimovic
<mihajlo.joksimovic at adfinis-sygroup.ch> wrote:
> IPhone test:
> rad_recv: Access-Request packet from host 10.119.12.2 port 1318, id=21,
> Message-Authenticator = 0x24691ccd1f2040d828405d72ef7189ec
> Service-Type = Framed-User
> User-Name = "nadine.bosshard"
> Framed-MTU = 1488
> Called-Station-Id = "204E7FE98EF3:TCSVO-Intern"
> Calling-Station-Id = "9803D861E85C"
> NAS-Identifier = "aptcsvo02"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = 0x02000014016e6164696e652e626f737368617264
> NAS-IP-Address = 10.119.12.2
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> rlm_realm: No '@' in User-Name = "nadine.bosshard", looking up realm
> rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 0 length 20
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

There should be other lines before that. Like the ones that say it's

> rlm_unix: [nadine.bosshard]: invalid shell [/bin/false]
> ++[unix] returns reject

Did you read that line? You have "unix" in the authorize section of the inner
tunnel. And user nadine.bosshard is not allowed to log in to the system
(invalid shell). FR does the right thing. Comment out that line in

Your radlogin test succeeds because you don't have "unix" in the authorize
section of the default virtual server.

See how important complete debug logs are?

... and seriously, upgrade. There are many known bugs fixed since
2.0.x. And if you can edit the configuration freely by hand, you
should be able to upgrade.
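
The check the reply performs by eye, finding which module returned reject and what it logged just before, can be scripted over a saved debug log. This is an added example, not part of the original message or of FreeRADIUS; the sample log is constructed in the 2.0.x format quoted above (user "alice" is made up), and the set of return codes treated as failures is an assumption of this sketch.

```python
import re

# Constructed sample, modelled on the FreeRADIUS 2.0.x debug lines quoted above.
SAMPLE_DEBUG = """\
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_unix: [alice]: invalid shell [/bin/false]
> ++[unix] returns reject
"""

QUOTE_RE = re.compile(r"^(>\s?)+")                        # mail quoting prefix
GROUP_RE = re.compile(r"^\++- entering group (\S+)")      # section being run
RESULT_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")  # per-module result
DIAG_RE = re.compile(r"^rlm_\w+: ")                        # module diagnostics

# Assumption: module return codes that stop the request from being accepted.
FAILING = {"reject", "fail", "invalid", "userlock"}


def find_rejections(debug_text):
    """Return one finding per module result whose code is in FAILING.

    Each finding carries the section name, the module instance name, the
    return code, and the rlm_* lines logged since the previous module result.
    """
    findings, group, pending = [], None, []
    for raw in debug_text.splitlines():
        line = QUOTE_RE.sub("", raw).strip()
        if m := GROUP_RE.match(line):
            group, pending = m.group(1), []
        elif DIAG_RE.match(line):
            pending.append(line)
        elif m := RESULT_RE.match(line):
            module, code = m.groups()
            if code in FAILING:
                findings.append({"group": group, "module": module,
                                 "code": code, "reason": list(pending)})
            pending = []  # diagnostics belong to the result that follows them
    return findings


if __name__ == "__main__":
    for f in find_rejections(SAMPLE_DEBUG):
        print(f"{f['group']}: [{f['module']}] {f['code']} <- {f['reason']}")
```
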