OpenLDAP and FreeRadius Auth

Alex Gregory alex at c2company.com
Tue Aug 12 08:57:43 CEST 2014


Thanks for the reply.

I did have that in there but removed it trying to force it. I will change it back and play with it again tomorrow.

Alex

On Aug 11, 2014 11:50 PM, Alan DeKok <aland at deployingradius.com> wrote:
Alex Gregory wrote:
> I have done lots of searching and through some archived messages from this list made some good progress.  Reading these messages I have determined that since I have md5 hashed passwords in my openldap database I need to use PAP + TTLS.  I have read and performed the radtests at the top of the inner-tunnel config file with successful auths.  Specifically, I ran the following successfully:
>
> radtest -t pap USER PASSWORD 127.0.0.1:18120 0 testing123
>
> My problem comes when I try to authenticate a wireless device against the network.  I enter the username and password in the dialog (cisco WLC and Mac OSX Client) and get the following from the freeradius debug output.  I think its trying to do a form of authentication that I do not want hence why I am getting "No Authenticate method found for request".  Any guidance would be greatly appreciated.  If you need me to supply config files I can do that.  Thank you ahead of time for taking the time to read this:

  You edited the configuration files and broke them.  Don't do that.

> Tue Aug 12 00:42:07 2014 : Info: [ttls] Sending tunneled request
>        User-Name = "alexgregory"
>        MS-CHAP-Challenge = 0x63617d3c0b66a7d44fc7f62af61cceb2
>        MS-CHAP2-Response = 0x1c002eb87c02bede7f0934cda0f7765cfaac0000000000000000c2ab1c939dc610def7acbdc979e03d9ad581c505618bf99f
>        FreeRADIUS-Proxied-To = 127.0.0.1
>        Chargeable-User-Identity = ""
>        Location-Capable = Civix-Location
>        Calling-Station-Id = "78-31-c1-be-89-a8"
>        Called-Station-Id = "d4-a0-2a-15-7f-00:C2_Test"
>        NAS-Port = 4
>        Cisco-AVPair = "audit-session-id=0a2100820000057653e962bb"
>        NAS-IP-Address = 10.33.0.130
>        NAS-Identifier = "inWebo"
>        Airespace-Wlan-Id = 6
>        Service-Type = Framed-User
>        Framed-MTU = 1300
>        NAS-Port-Type = Wireless-802.11

  The supplicant is using TTLS with MS-CHAP inside of the TLS tunnel.
You edited the "inner-tunnel" virtual server, and deleted "mschap" from
it.  Put it back.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140812/90a3a9a1/attachment.html>


More information about the Freeradius-Users mailing list