proxy request ok, but incomplete access-accept to my Aruba

Ramon Escriba escriba at cells.es
Fri Oct 13 12:17:11 CEST 2017 

Hi Experts,

I'm using Freradius3 with 802.1x EAP.

It works perfect with my @my-realm.com, but when I send test realms to the
external proxy, it accepts the query (see below logs),

but seems the Access-Accept packet does not complete the fields my Aruba
needs to open the vlan, as I do in @my-realm.com with users file.

 

How can I complete the "Access-Accept" packet I send to my Aruba?

 

 

 

(8)     MS-MPPE-Send-Key = 0xb809xxxxxxxxxxxxxxx184e8ba236944dc8

(8)     MS-MPPE-Recv-Key = 0x1xxxxxxxxxxxxxxxxxxxx99248b723ffdf64

(8)     EAP-Message = 0x03080004

(8)     Message-Authenticator = 0xxxxb0c134c619fd65

(8)     Proxy-State = 0x38

(8) # Executing section post-proxy from file
/etc/raddb/sites-enabled/default

(8)   post-proxy {

(8)  eap : No pre-existing handler found

(8)   [eap] = noop

(8)  } #  post-proxy = noop

(8) Found Auth-Type = Accept

(8) Auth-Type = Accept, accepting the user

(8) Login OK: [tests at acme.com] (from client loopback port 0 cli
02-00-00-00-00-01)

(8) # Executing section post-auth from file /etc/raddb/sites-enabled/default

(8)   post-auth {

(8)   [exec] = noop

(8)   remove_reply_message_if_eap remove_reply_message_if_eap {

(8)     if (&reply:EAP-Message && &reply:Reply-Message)

(8)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE

(8)    else else {

(8)     [noop] = noop

(8)    } # else else = noop

(8)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop

(8)  } #  post-auth = noop

(8) Sending Access-Accept packet to host 127.0.0.1 port 57123, id=8,
length=0

(8)     MS-MPPE-Send-Key = 0xxxxxxxxxxxxxxxxxx4da8

(8)     MS-MPPE-Recv-Key = 0xxxxxxxxxxxxxxxxxxfaf64

(8)     EAP-Message = 0x03080004

(8)     Message-Authenticator = 0xxxxxxxxxxxxxx03d20

Sending Access-Accept Id 8 from 127.0.0.1:1812 to 127.0.0.1:57123

        MS-MPPE-Send-Key = 0xxxxxxxxxxxxxxx1f184e88

        MS-MPPE-Recv-Key = 0xxxxxx4899a3e0fa2a20f34f

        EAP-Message = 0x03080004

        Message-Authenticator = 0xxxxxx31f04620

(8) Finished request

Waking up in 6.4 seconds

 

Kindest Regards.

More information about the Freeradius-Users mailing list