Error while authenticating users on Wifi.

Wed May 23 22:01:29 CEST 2018

Dear Alan,

Rectified the clients.conf file & added clients configuration to it. Still,
authentication fails with below error:

(0) Received Access-Request Id 8 from 172.18.40.40:32774 to
192.168.154.96:1812 length 248
(0)   User-Name = "wwwwww"
(0)   User-Password = "xxxxxx"
(0)   Service-Type = Login-User
(0)   NAS-IP-Address = 172.18.40.40
(0)   NAS-Port = 13
(0)   Cisco-AVPair = "audit-session-id=ac122828000653795b05b338"
(0)   Framed-IP-Address = 192.168.246.30
(0)   Acct-Session-Id = "5b05b335/f4:0f:24:1a:89:35/447199"
(0)   NAS-Identifier = "BOR-WLC-01"
(0)   NAS-Port-Type = Wireless-802.11
(0)   Airespace-Wlan-Id = 2
(0)   Calling-Station-Id = "f4-0f-24-1a-89-35"
(0)   Called-Station-Id = "00-23-eb-26-f3-60:guest"
(0)   Message-Authenticator = 0x9fd55d37c61ac59b43dc5bae82c8470d
(0) # Executing section authorize from file
/usr/app/radius-new2/prod-corp-internal/etc/raddb/sites-enabled/wifi
(0)   authorize {
(0)     [preprocess] = ok
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "wwwwww", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0)     if ( Called-Station-Id =~ /:SSID_Office$/ ) {
(0)     if ( Called-Station-Id =~ /:SSID_Office$/ )  -> FALSE
(0)     elsif ( Airespace-Wlan-Id == 2 ) {
(0)     elsif ( Airespace-Wlan-Id == 2 )  -> TRUE
(0)     elsif ( Airespace-Wlan-Id == 2 )  {
(0)       redundant-load-balance group {
rlm_ldap (ldapwifi1): Closing connection (0): Hit idle_timeout, was idle
for 272 seconds
rlm_ldap (ldapwifi1): You probably need to lower "min"
rlm_ldap (ldapwifi1): Closing connection (1): Hit idle_timeout, was idle
for 272 seconds
rlm_ldap (ldapwifi1): You probably need to lower "min"
rlm_ldap (ldapwifi1): Closing connection (2): Hit idle_timeout, was idle
for 272 seconds
rlm_ldap (ldapwifi1): You probably need to lower "min"
rlm_ldap (ldapwifi1): Closing connection (3): Hit idle_timeout, was idle
for 272 seconds
rlm_ldap (ldapwifi1): You probably need to lower "min"
rlm_ldap (ldapwifi1): Closing connection (4): Hit idle_timeout, was idle
for 272 seconds
rlm_ldap (ldapwifi1): You probably need to lower "min"
rlm_ldap (ldapwifi1): 0 of 0 connections in use.  You  may need to increase
"spare"
rlm_ldap (ldapwifi1): Opening additional connection (5), 1 of 10 pending
slots used
rlm_ldap (ldapwifi1): Connecting to ldap://192.168.154.33:389
rlm_ldap (ldapwifi1): Waiting for bind result...
rlm_ldap (ldapwifi1): Bind successful
rlm_ldap (ldapwifi1): Reserved connection (5)
(0) ldapwifi1: Performing unfiltered search in "", scope "sub"
(0) ldapwifi1: Waiting for search result...
(0) ldapwifi1: The specified DN wasn't found
(0) ldapwifi1: Search returned no results
rlm_ldap (ldapwifi1): Released connection (5)
Need 4 more connections to reach min connections (5)
rlm_ldap (ldapwifi1): Opening additional connection (6), 1 of 9 pending
slots used
rlm_ldap (ldapwifi1): Connecting to ldap://192.168.154.33:389
rlm_ldap (ldapwifi1): Waiting for bind result...
rlm_ldap (ldapwifi1): Bind successful
(0)         [ldapwifi1] = notfound
(0)       } # redundant-load-balance group = notfound
(0)     } # elsif ( Airespace-Wlan-Id == 2 )  = notfound
(0)     [expiration] = noop
(0)     [logintime] = noop
(0)   } # authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
Reject
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) Post-Auth-Type sub-section not found.  Ignoring.
(0) # Executing group from file
/usr/app/radius-new2/prod-corp-internal/etc/raddb/sites-enabled/wifi
(0) Login incorrect (No Auth-Type found: rejecting the user via
Post-Auth-Type = Reject): [wwwwww] (from client WLC1 port 13 cli
f4-0f-24-1a-89-35)
(0) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 8 from 192.168.154.96:1812 to 172.18.40.40:32774
length 20
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 8 with timestamp +272

Could you please help in rectifying missing authorization config for radius
server..?

----

*Thanks & Kind Regards,*
Saurabh LAHOTI.