Having problems authenticating client computers onto the wireless network using a Cisco AP1252 via FreeRadius 2.1.10 on Ubuntu 12.04.2 serves
Alan DeKok
aland at deployingradius.com
Thu May 23 15:24:31 CEST 2013
Elizabeth Fife wrote:
> HI I am having problems authenticating client computers onto the
> wireless network using a Cisco AP1252 via FreeRadius 2.1.10 on Ubuntu
> 12.04.2 serves
You should upgrade to 2.2.0, but that likely won't fix the problem.
> Problem:
> When a wireless user tries to connect to the wireless network via the
> AP1252 after being disconnected form it for a while (or after waking
> from a long sleep) they are never authenticated. They just try over and
> over and never obtain an IP
>
> Interestingly in such a case neither Ubuntu server shows any sign of
> receiving an authentication request from the AP - Both ubuntu servers
> are running in debug mode so they show any activity - there is none
Well, that's the issue. If FreeRADIUS doesn't receive traffic, then
it can't authenticate the user.
So the problem is either the Ubuntu box (which isn't sending data to
the access point), or the access point (which isn't sending data to the
RADIUS server).
> Oddly:
> If i try to authenticate a user wirelessly to the AP and leave it in the
> usual state of trying over and over (with no visible activity on the
> ubuntu servers) BUT then go to a wired machine and attempt to
> authenticate an ssh connection to the AP1252 using a terminal
> command ssh user1 at X.X.5.101 THEN as soon as I hit enter on that
> request (and before I enter a password for the ssh connection) THE
> WAITING WIRELESS USER IS IMMEDIATELY AUTHENTICATED and assigned an IP
> address (and the ubuntu server shows the authentication activity for
> the wireless user)
Wow... that looks like the AP is broken.
> Please help me understand what might be causing this behavior - it seems
> like the AP sleeping and the wired ssh request wakes it up so that it
> sees the pending wireless user waiting and then acts on that completing
> the wireless user authentication request
Which is probably the case.
I'd say you should try another AP. If it works, toss your current one
in the garbage. It's not worth your time to debug weird issues with
closed-source vendor equipment.
Alan DeKok.
More information about the Freeradius-Users
mailing list