Freeradius unable to configure with Kerberos on RHEL 5.5
Uzee
uzee007 at yahoo.com
Wed Sep 17 23:09:51 CEST 2014
Tried adding the kerberos realm to proxy.conf realm section.... still no luck.
On Wednesday, September 17, 2014 2:24 PM, Uzee <uzee007 at yahoo.com> wrote:
Hi,
I inherited freeradius 1.1.3 on RHEL 5.5 working with our kerberos and first tried to understand how it was setup but looking at the freeradius site and docs I decided that I should really upgrade.
Removed freeradius, installed via yum: freeradius2-2.1.12-5.el5, freeradius2-utils-2.1.12-5.el5, freeradius2-krb5-2.1.12-5.el5
Followed http://lists.freeradius.org/pipermail/freeradius-users/2012-December/064375.html and was able to do a localhost radtest successfully using my actual username and password, which confirmed to me that radius was authenticating correctly via our kerberos server. However when I try with an actual wireless network, it doesn't work. I've also looked at https://www.eduroam.us/node/45 and tried to follow that except for the proxy stuff, I'm not sure if that is needed.
Here are my configs:
/etc/raddb/modules/krb5:
krb5 {
keytab = /etc/krb5.keytab
service_principal = myserver/myserver.domain
}
Added kerberos after pap in /etc/raddb/sites-available/default:
authenticate {
#
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
Auth-Type PAP {
pap
}
#
# Kerberos stuff
Auth-Type Kerberos {
krb5
}
Similarly added kerberos in /etc/raddb/sites-available/inner-tunnel:
authenticate {
#
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
Auth-Type PAP {
pap
}
# Kerberos stuff
Auth-Type Kerberos {
krb5
}
Modified eap.conf to:
default_eap_type = ttls
copy_request_to_tunnel = yes
use_tunneled_reply = yes
Added as first entry to users file:
DEFAULT Auth-Type = Kerberos
Fall-Through = 1
Added our Aruba controller to clients.conf:
client ARUBA {
ipaddr = x.x.x.x
secret = mysecret
shortname = myssid
}
Ran radiusd -xxx, here's the log:
Wed Sep 17 04:29:25 2014 : Debug: Re-wait 4
Wed Sep 17 04:29:25 2014 : Debug: Re-wait 3
Wed Sep 17 04:29:25 2014 : Debug: Listening on authentication address * port 1812
Wed Sep 17 04:29:25 2014 : Debug: Listening on accounting address * port 1813
Wed Sep 17 04:29:25 2014 : Debug: Listening on command file /var/run/radiusd/radiusd.sock
Wed Sep 17 04:29:25 2014 : Debug: Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Wed Sep 17 04:29:25 2014 : Debug: Listening on proxy address * port 1814
Wed Sep 17 04:29:25 2014 : Info: Ready to process requests.
Wed Sep 17 04:29:25 2014 : Debug: Re-wait 2
Wed Sep 17 04:30:19 2014 : Debug: Threads: total/active/spare threads = 5/0/5
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds.
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 got semaphore
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 handling request 0, (1 handled so far)
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...}
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxxx", looking up realm NULL
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL"
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 1 length 11
Wed Sep 17 04:30:19 2014 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns updated
Wed Sep 17 04:30:19 2014 : Info: [files] users: Matched entry DEFAULT at line 143
Wed Sep 17 04:30:19 2014 : Info: ++[files] returns ok
Wed Sep 17 04:30:19 2014 : Info: ++[expiration] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[logintime] returns noop
Wed Sep 17 04:30:19 2014 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Wed Sep 17 04:30:19 2014 : Info: ++[pap] returns noop
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...}
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP Identity
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type tls
Wed Sep 17 04:30:19 2014 : Info: [tls] Initiate
Wed Sep 17 04:30:19 2014 : Info: [tls] Start returned 1
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled
Wed Sep 17 04:30:19 2014 : Info: Finished request 0.
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 waiting to be assigned a request
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds.
Wed Sep 17 04:30:19 2014 : Debug: Thread 5 got semaphore
Wed Sep 17 04:30:19 2014 : Debug: Thread 5 handling request 1, (1 handled so far)
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...}
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL"
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 2 length 166
Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup.
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...}
Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls
Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate
Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS
Wed Sep 17 04:30:19 2014 : Debug: TLS Length 156
Wed Sep 17 04:30:19 2014 : Info: [ttls] Length Included
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 11
Wed Sep 17 04:30:19 2014 : Info: [ttls] (other): before/accept initialization
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: before/accept initialization
Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 Handshake [length 0097], ClientHello
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 read client hello A
Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 write server hello A
Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 write certificate A
Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 write server done A
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 flush data
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
Wed Sep 17 04:30:19 2014 : Debug: In SSL Handshake Phase
Wed Sep 17 04:30:19 2014 : Debug: In SSL Accept mode
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled
Wed Sep 17 04:30:19 2014 : Info: Finished request 1.
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request
Wed Sep 17 04:30:19 2014 : Debug: Thread 5 waiting to be assigned a request
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds.
Wed Sep 17 04:30:19 2014 : Debug: Thread 4 got semaphore
Wed Sep 17 04:30:19 2014 : Debug: Thread 4 handling request 2, (1 handled so far)
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...}
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL"
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 3 length 6
Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup.
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...}
Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls
Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate
Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS
Wed Sep 17 04:30:19 2014 : Info: [ttls] Received TLS ACK
Wed Sep 17 04:30:19 2014 : Info: [ttls] ACK handshake fragment handler
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 1
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled
Wed Sep 17 04:30:19 2014 : Info: Finished request 2.
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request
Wed Sep 17 04:30:19 2014 : Debug: Thread 4 waiting to be assigned a request
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds.
Wed Sep 17 04:30:19 2014 : Debug: Thread 3 got semaphore
Wed Sep 17 04:30:19 2014 : Debug: Thread 3 handling request 3, (1 handled so far)
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...}
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL"
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 4 length 6
Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup.
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...}
Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls
Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate
Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS
Wed Sep 17 04:30:19 2014 : Info: [ttls] Received TLS ACK
Wed Sep 17 04:30:19 2014 : Info: [ttls] ACK handshake fragment handler
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 1
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled
Wed Sep 17 04:30:19 2014 : Info: Finished request 3.
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request
Wed Sep 17 04:30:19 2014 : Debug: Thread 3 waiting to be assigned a request
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds.
Wed Sep 17 04:30:19 2014 : Debug: Thread 2 got semaphore
Wed Sep 17 04:30:19 2014 : Debug: Thread 2 handling request 4, (1 handled so far)
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...}
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL"
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 5 length 253
Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup.
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...}
Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls
Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate
Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS
Wed Sep 17 04:30:19 2014 : Debug: TLS Length 326
Wed Sep 17 04:30:19 2014 : Info: [ttls] Length Included
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 11
Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 read client key exchange A
Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 Handshake [length 0010], Finished
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 read finished A
Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 write change cipher spec A
Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 0010], Finished
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 write finished A
Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 flush data
Wed Sep 17 04:30:19 2014 : Info: [ttls] (other): SSL negotiation finished successfully
Wed Sep 17 04:30:19 2014 : Debug: SSL Connection Established
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled
Wed Sep 17 04:30:19 2014 : Info: Finished request 4.
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request
Wed Sep 17 04:30:19 2014 : Debug: Thread 2 waiting to be assigned a request
Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.8 seconds.
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 got semaphore
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 handling request 5, (2 handled so far)
Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...}
Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL"
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 6 length 159
Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup.
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...}
Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list
Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls
Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls
Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate
Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS
Wed Sep 17 04:30:19 2014 : Debug: TLS Length 149
Wed Sep 17 04:30:19 2014 : Info: [ttls] Length Included
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 11
Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 7
Wed Sep 17 04:30:19 2014 : Info: [ttls] Session established. Proceeding to decode tunneled attributes.
Wed Sep 17 04:30:19 2014 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
Wed Sep 17 04:30:19 2014 : Info: +- entering group authorize {...}
Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop
Wed Sep 17 04:30:19 2014 : Info: [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns ok
Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL
Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL"
Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[control] returns noop
Wed Sep 17 04:30:19 2014 : Info: [eap] No EAP-Message, not doing EAP
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns noop
Wed Sep 17 04:30:19 2014 : Info: [files] users: Matched entry DEFAULT at line 143
Wed Sep 17 04:30:19 2014 : Info: ++[files] returns ok
Wed Sep 17 04:30:19 2014 : Info: ++[expiration] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[logintime] returns noop
Wed Sep 17 04:30:19 2014 : Info: ++[pap] returns noop
Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = MSCHAP
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
Wed Sep 17 04:30:19 2014 : Info: +- entering group MS-CHAP {...}
Wed Sep 17 04:30:19 2014 : Info: [mschap] No Cleartext-Password configured. Cannot create LM-Password.
Wed Sep 17 04:30:19 2014 : Info: [mschap] No Cleartext-Password configured. Cannot create NT-Password.
Wed Sep 17 04:30:19 2014 : Info: [mschap] Creating challenge hash with username: xxxx
Wed Sep 17 04:30:19 2014 : Info: [mschap] Told to do MS-CHAPv2 for xxxx with NT-Password
Wed Sep 17 04:30:19 2014 : Info: [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
Wed Sep 17 04:30:19 2014 : Info: [mschap] FAILED: MS-CHAP2-Response is incorrect
Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns reject
Wed Sep 17 04:30:19 2014 : Info: Failed to authenticate the user.
Wed Sep 17 04:30:19 2014 : Info: [ttls] Got tunneled Access-Reject
Wed Sep 17 04:30:19 2014 : Info: [eap] Handler failed in EAP/ttls
Wed Sep 17 04:30:19 2014 : Info: [eap] Failed in EAP select
Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns invalid
Wed Sep 17 04:30:19 2014 : Info: Failed to authenticate the user.
Wed Sep 17 04:30:19 2014 : Info: Using Post-Auth-Type Reject
Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Wed Sep 17 04:30:19 2014 : Info: +- entering group REJECT {...}
Wed Sep 17 04:30:19 2014 : Info: [attr_filter.access_reject] expand: %{User-Name} -> xxxx
Wed Sep 17 04:30:19 2014 : Debug: attr_filter: Matched entry DEFAULT at line 11
Wed Sep 17 04:30:19 2014 : Info: ++[attr_filter.access_reject] returns updated
Wed Sep 17 04:30:19 2014 : Info: Delaying reject of request 5 for 1 seconds
Wed Sep 17 04:30:19 2014 : Debug: Going to the next request
Wed Sep 17 04:30:19 2014 : Debug: Thread 1 waiting to be assigned a request
Wed Sep 17 04:30:20 2014 : Info: Sending delayed reject for request 5
Wed Sep 17 04:30:20 2014 : Debug: Waking up in 3.8 seconds.
Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 0 ID 57 with timestamp +54
Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 1 ID 58 with timestamp +54
Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 2 ID 59 with timestamp +54
Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 3 ID 60 with timestamp +54
Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 4 ID 61 with timestamp +54
Wed Sep 17 04:30:24 2014 : Debug: Waking up in 1.0 seconds.
Wed Sep 17 04:30:25 2014 : Info: Cleaning up request 5 ID 62 with timestamp +54
Wed Sep 17 04:30:25 2014 : Info: Ready to process requests.
The wireless network is served from an Aruba controller which works fine with a windows radius server using AD authentication (for a diff SSID)
I can't say that I have looked through the list messages entirely but have spent reasonable time looking at different threads and reading radius docs, if I have still missed something obvious I apologize in advance.
Any help/suggestion/advice would be greatly appreciated.
Thanks
-uzee
More information about the Freeradius-Users
mailing list