Freeradius to authenticate 802.1x wireless user in Cisco WLC Controller
Fatih Naufal
fatih.avila at gmail.com
Mon Jun 12 11:00:18 CEST 2017
First of all, I want to apologize for my bad English / grammar. I'm a new user
(noob) to FreeRADIUS. I'm currently working on an 802.1x wireless
authentication project, referring to this source:
http://www.ebbmar.com/?p=277
I have configured all of the steps but I still can't log in to the SSID that
I've configured with WPA+WPA2 and 802.1x auth key in the controller.
Here's my freeradius -fxxX debug output from when I tried to log in to my SSID:
Mon Jun 12 15:35:18 2017 : Debug: (0) Received Access-Request Id 76 from
172.30.254.3:56712 to 172.29.174.12:1812 length 264
Mon Jun 12 15:35:18 2017 : Debug: (0) User-Name = "bob"
Mon Jun 12 15:35:18 2017 : Debug: (0) Chargeable-User-Identity = 0x03
Mon Jun 12 15:35:18 2017 : Debug: (0) Location-Capable = Civix-Location
Mon Jun 12 15:35:18 2017 : Debug: (0) Calling-Station-Id =
"74-c6-3b-c9-c0-05"
Mon Jun 12 15:35:18 2017 : Debug: (0) Called-Station-Id =
"58-ac-78-ee-8a-20:802.1x"
Mon Jun 12 15:35:18 2017 : Debug: (0) NAS-Port = 1
Mon Jun 12 15:35:18 2017 : Debug: (0) Cisco-AVPair = "audit-session-id=
03fe1eac0013ad70f0513e59"
Mon Jun 12 15:35:18 2017 : Debug: (0) Acct-Session-Id =
"593e51f0/74:c6:3b:c9:c0:05/397562"
Mon Jun 12 15:35:18 2017 : Debug: (0) NAS-IP-Address = 172.30.254.3
Mon Jun 12 15:35:18 2017 : Debug: (0) NAS-Identifier = "IPB-WLC-5520"
Mon Jun 12 15:35:18 2017 : Debug: (0) Airespace-Wlan-Id = 69
Mon Jun 12 15:35:18 2017 : Debug: (0) Service-Type = Framed-User
Mon Jun 12 15:35:18 2017 : Debug: (0) Framed-MTU = 1300
Mon Jun 12 15:35:18 2017 : Debug: (0) NAS-Port-Type = Wireless-802.11
Mon Jun 12 15:35:18 2017 : Debug: (0) Tunnel-Type:0 = VLAN
Mon Jun 12 15:35:18 2017 : Debug: (0) Tunnel-Medium-Type:0 = IEEE-802
Mon Jun 12 15:35:18 2017 : Debug: (0) Tunnel-Private-Group-Id:0 = "403"
Mon Jun 12 15:35:18 2017 : Debug: (0) EAP-Message = 0x0206000801626f62
Mon Jun 12 15:35:18 2017 : Debug: (0) Message-Authenticator =
0x1ea56623b5daa166a71a53059bb1f941
Mon Jun 12 15:35:18 2017 : Debug: (0) session-state: No State attribute
Mon Jun 12 15:35:18 2017 : Debug: (0) # Executing section authorize from
file /etc/freeradius/3.0/sites-enabled/default
Mon Jun 12 15:35:18 2017 : Debug: (0) authorize {
Mon Jun 12 15:35:18 2017 : Debug: (0) policy filter_username {
Mon Jun 12 15:35:18 2017 : Debug: (0) if (&User-Name) {
Mon Jun 12 15:35:18 2017 : Debug: (0) if (&User-Name) -> TRUE
Mon Jun 12 15:35:18 2017 : Debug: (0) if (&User-Name) {
Mon Jun 12 15:35:18 2017 : Debug: (0) if (&User-Name =~ /@[^@]*@/ )
{
Mon Jun 12 15:35:18 2017 : Debug: No matches
Mon Jun 12 15:35:18 2017 : Debug: (0) if (&User-Name =~ /@[^@]*@/ )
-> FALSE
Mon Jun 12 15:35:18 2017 : Debug: (0) if (&User-Name =~ /\.\./ ) {
Mon Jun 12 15:35:18 2017 : Debug: No matches
Mon Jun 12 15:35:18 2017 : Debug: (0) if (&User-Name =~ /\.\./ )
-> FALSE
Mon Jun 12 15:35:18 2017 : Debug: (0) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) {
Mon Jun 12 15:35:18 2017 : Debug: No matches
Mon Jun 12 15:35:18 2017 : Debug: (0) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
Mon Jun 12 15:35:18 2017 : Debug: (0) if (&User-Name =~ /\.$/) {
Mon Jun 12 15:35:18 2017 : Debug: No matches
Mon Jun 12 15:35:18 2017 : Debug: (0) if (&User-Name =~ /\.$/) ->
FALSE
Mon Jun 12 15:35:18 2017 : Debug: (0) if (&User-Name =~ /@\./) {
Mon Jun 12 15:35:18 2017 : Debug: No matches
Mon Jun 12 15:35:18 2017 : Debug: (0) if (&User-Name =~ /@\./) ->
FALSE
Mon Jun 12 15:35:18 2017 : Debug: (0) } # if (&User-Name) = notfound
Mon Jun 12 15:35:18 2017 : Debug: (0) } # policy filter_username =
notfound
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: calling
preprocess (rlm_preprocess)
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: returned
from preprocess (rlm_preprocess)
Mon Jun 12 15:35:18 2017 : Debug: (0) [preprocess] = ok
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: calling
chap (rlm_chap)
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: returned
from chap (rlm_chap)
Mon Jun 12 15:35:18 2017 : Debug: (0) [chap] = noop
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: calling
mschap (rlm_mschap)
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: returned
from mschap (rlm_mschap)
Mon Jun 12 15:35:18 2017 : Debug: (0) [mschap] = noop
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: calling
digest (rlm_digest)
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: returned
from digest (rlm_digest)
Mon Jun 12 15:35:18 2017 : Debug: (0) [digest] = noop
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: calling
suffix (rlm_realm)
Mon Jun 12 15:35:18 2017 : Debug: (0) suffix: Checking for suffix after "@"
Mon Jun 12 15:35:18 2017 : Debug: (0) suffix: No '@' in User-Name = "bob",
looking up realm NULL
Mon Jun 12 15:35:18 2017 : Debug: (0) suffix: No such realm "NULL"
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: returned
from suffix (rlm_realm)
Mon Jun 12 15:35:18 2017 : Debug: (0) [suffix] = noop
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: calling eap
(rlm_eap)
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: Peer sent EAP Response (code 2)
ID 6 length 8
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: EAP-Identity reply, returning
'ok' so we can short-circuit the rest of authorize
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authorize]: returned
from eap (rlm_eap)
Mon Jun 12 15:35:18 2017 : Debug: (0) [eap] = ok
Mon Jun 12 15:35:18 2017 : Debug: (0) } # authorize = ok
Mon Jun 12 15:35:18 2017 : Debug: (0) Found Auth-Type = eap
Mon Jun 12 15:35:18 2017 : Debug: (0) # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
Mon Jun 12 15:35:18 2017 : Debug: (0) authenticate {
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authenticate]: calling
eap (rlm_eap)
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: Peer sent packet with method EAP
Identity (1)
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: Calling submodule eap_peap to
process data
Mon Jun 12 15:35:18 2017 : Debug: (0) eap_peap: Initiating new EAP-TLS
session
Mon Jun 12 15:35:18 2017 : Debug: (0) eap_peap: [eaptls start] = request
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: Sending EAP Request (code 1) ID
7 length 6
Mon Jun 12 15:35:18 2017 : Debug: (0) eap: EAP session adding &reply:State
= 0x8383ebeb8384f22d
Mon Jun 12 15:35:18 2017 : Debug: (0) modsingle[authenticate]: returned
from eap (rlm_eap)
Mon Jun 12 15:35:18 2017 : Debug: (0) [eap] = handled
Mon Jun 12 15:35:18 2017 : Debug: (0) } # authenticate = handled
Mon Jun 12 15:35:18 2017 : Debug: (0) Using Post-Auth-Type Challenge
Mon Jun 12 15:35:18 2017 : Debug: (0) Post-Auth-Type sub-section not
found. Ignoring.
Mon Jun 12 15:35:18 2017 : Debug: (0) # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
Mon Jun 12 15:35:18 2017 : Debug: (0) session-state: Nothing to cache
Mon Jun 12 15:35:18 2017 : Debug: (0) Sent Access-Challenge Id 76 from
172.29.174.12:1812 to 172.30.254.3:56712 length 0
Mon Jun 12 15:35:18 2017 : Debug: (0) EAP-Message = 0x010700061920
Mon Jun 12 15:35:18 2017 : Debug: (0) Message-Authenticator =
0x00000000000000000000000000000000
Mon Jun 12 15:35:18 2017 : Debug: (0) State =
0x8383ebeb8384f22de75b576301d17bd2
Mon Jun 12 15:35:18 2017 : Debug: (0) Finished request
Mon Jun 12 15:35:18 2017 : Debug: Waking up in 4.9 seconds.
Mon Jun 12 15:35:18 2017 : Debug: Waking up in 9.9 seconds.
Mon Jun 12 15:35:28 2017 : Debug: (0) Cleaning up request packet ID 76 with
timestamp +107
Mon Jun 12 15:35:28 2017 : Info: Ready to process requests
Any kind of suggestion and help would be appreciated.