Porting eduroam from 2 to 3
Olivier
Olivier.Nicole at cs.ait.ac.th
Wed Sep 27 10:52:11 CEST 2017
I am trying to use http://wiki.freeradius.org/guide/eduroam to port my
existing eduroam configuration from FreeRADIUS 2 to 3.0.15.
I have an LDAP backend and would like to use LDAP binding to
authenticate the user.
So far, the authorize is OK, but the Auth-Type is set to inner-eap and
it will not try another LDAP bind in the authentication section:
(8) ldap_wifi: EXPAND (&(csimAccountPermission=firewall)(uid=%{%{Stripped-User-Name}:-%{User-Name}}))
(8) ldap_wifi: --> (&(csimAccountPermission=firewall)(uid=on))
(8) ldap_wifi: Performing search in "ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th" with filter "(&(csimAccountPermission=firewall)(uid=on))", scope "one"
(8) ldap_wifi: Waiting for search result...
(8) ldap_wifi: User object found at DN "uid=on,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th"
(8) ldap_wifi: Processing user attributes
(8) ldap_wifi: control:Password-With-Header += '{MD5}something=='
(8) [ldap_wifi] = updated
(8) [files] = noop
(8) pap: Converted: &control:Password-With-Header -> &control:MD5-Password
(8) pap: Removing &control:Password-With-Header
(8) pap: Normalizing MD5-Password from base64 encoding, 24 bytes -> 16 bytes
(8) pap: WARNING: Auth-Type already set. Not setting to PAP
(8) [pap] = noop
(8) [mschap] = noop
(8) } # authorize = updated
(8) Found Auth-Type = inner-eap
(8) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-eduroam
(8) authenticate {
(8) inner-eap: Expiring EAP session with state 0x3eae14c03ea60e9f
(8) inner-eap: Finished EAP session with state 0x3eae14c03ea60e9f
(8) inner-eap: Previous EAP request found for state 0x3eae14c03ea60e9f, released from the list
(8) inner-eap: Peer sent packet with method EAP MSCHAPv2 (26)
(8) inner-eap: Calling submodule eap_mschapv2 to process data
(8) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-eduroam
(8) eap_mschapv2: authenticate {
(8) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(8) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password
(8) mschap: Creating challenge hash with username: on at cs.ait.ac.th
(8) mschap: Client is using MS-CHAPv2
In version 2, I used to have:

server eduroam-inner-tunnel {
    authorize {
        auth_log
        suffix
        eap
        mschap
        pap
        ldap_wifi
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        ldap_wifi
        eap
    }
}

Thanks in advance,
Olivier