Error while authenticating users on Wifi.
Alan Buxey
alan.buxey at gmail.com
Wed May 23 22:16:55 CEST 2018
pretty clear:
(0) ldapwifi1: Performing unfiltered search in "", scope "sub"
(0) ldapwifi1: Waiting for search result...
(0) ldapwifi1: The specified DN wasn't found
(0) ldapwifi1: Search returned no results
check your LDAP config, check the debug again to see whats coming in and
then ensure that your LDAP search works on command line with whats being
sent through.
alan
On 23 May 2018 at 21:01, Saurabh Lahoti <saurabh.astronomy at gmail.com> wrote:
> Dear Alan,
>
> Rectified the clients.conf file & added clients configuration to it. Still,
> authentication fails with below error:
>
> (0) Received Access-Request Id 8 from 172.18.40.40:32774 to
> 192.168.154.96:1812 length 248
> (0) User-Name = "wwwwww"
> (0) User-Password = "xxxxxx"
> (0) Service-Type = Login-User
> (0) NAS-IP-Address = 172.18.40.40
> (0) NAS-Port = 13
> (0) Cisco-AVPair = "audit-session-id=ac122828000653795b05b338"
> (0) Framed-IP-Address = 192.168.246.30
> (0) Acct-Session-Id = "5b05b335/f4:0f:24:1a:89:35/447199"
> (0) NAS-Identifier = "BOR-WLC-01"
> (0) NAS-Port-Type = Wireless-802.11
> (0) Airespace-Wlan-Id = 2
> (0) Calling-Station-Id = "f4-0f-24-1a-89-35"
> (0) Called-Station-Id = "00-23-eb-26-f3-60:guest"
> (0) Message-Authenticator = 0x9fd55d37c61ac59b43dc5bae82c8470d
> (0) # Executing section authorize from file
> /usr/app/radius-new2/prod-corp-internal/etc/raddb/sites-enabled/wifi
> (0) authorize {
> (0) [preprocess] = ok
> (0) suffix: Checking for suffix after "@"
> (0) suffix: No '@' in User-Name = "wwwwww", looking up realm NULL
> (0) suffix: No such realm "NULL"
> (0) [suffix] = noop
> (0) if ( Called-Station-Id =~ /:SSID_Office$/ ) {
> (0) if ( Called-Station-Id =~ /:SSID_Office$/ ) -> FALSE
> (0) elsif ( Airespace-Wlan-Id == 2 ) {
> (0) elsif ( Airespace-Wlan-Id == 2 ) -> TRUE
> (0) elsif ( Airespace-Wlan-Id == 2 ) {
> (0) redundant-load-balance group {
> rlm_ldap (ldapwifi1): Closing connection (0): Hit idle_timeout, was idle
> for 272 seconds
> rlm_ldap (ldapwifi1): You probably need to lower "min"
> rlm_ldap (ldapwifi1): Closing connection (1): Hit idle_timeout, was idle
> for 272 seconds
> rlm_ldap (ldapwifi1): You probably need to lower "min"
> rlm_ldap (ldapwifi1): Closing connection (2): Hit idle_timeout, was idle
> for 272 seconds
> rlm_ldap (ldapwifi1): You probably need to lower "min"
> rlm_ldap (ldapwifi1): Closing connection (3): Hit idle_timeout, was idle
> for 272 seconds
> rlm_ldap (ldapwifi1): You probably need to lower "min"
> rlm_ldap (ldapwifi1): Closing connection (4): Hit idle_timeout, was idle
> for 272 seconds
> rlm_ldap (ldapwifi1): You probably need to lower "min"
> rlm_ldap (ldapwifi1): 0 of 0 connections in use. You may need to increase
> "spare"
> rlm_ldap (ldapwifi1): Opening additional connection (5), 1 of 10 pending
> slots used
> rlm_ldap (ldapwifi1): Connecting to ldap://192.168.154.33:389
> rlm_ldap (ldapwifi1): Waiting for bind result...
> rlm_ldap (ldapwifi1): Bind successful
> rlm_ldap (ldapwifi1): Reserved connection (5)
> (0) ldapwifi1: Performing unfiltered search in "", scope "sub"
> (0) ldapwifi1: Waiting for search result...
> (0) ldapwifi1: The specified DN wasn't found
> (0) ldapwifi1: Search returned no results
> rlm_ldap (ldapwifi1): Released connection (5)
> Need 4 more connections to reach min connections (5)
> rlm_ldap (ldapwifi1): Opening additional connection (6), 1 of 9 pending
> slots used
> rlm_ldap (ldapwifi1): Connecting to ldap://192.168.154.33:389
> rlm_ldap (ldapwifi1): Waiting for bind result...
> rlm_ldap (ldapwifi1): Bind successful
> (0) [ldapwifi1] = notfound
> (0) } # redundant-load-balance group = notfound
> (0) } # elsif ( Airespace-Wlan-Id == 2 ) = notfound
> (0) [expiration] = noop
> (0) [logintime] = noop
> (0) } # authorize = ok
> (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
> Reject
> (0) Failed to authenticate the user
> (0) Using Post-Auth-Type Reject
> (0) Post-Auth-Type sub-section not found. Ignoring.
> (0) # Executing group from file
> /usr/app/radius-new2/prod-corp-internal/etc/raddb/sites-enabled/wifi
> (0) Login incorrect (No Auth-Type found: rejecting the user via
> Post-Auth-Type = Reject): [wwwwww] (from client WLC1 port 13 cli
> f4-0f-24-1a-89-35)
> (0) Delaying response for 1.000000 seconds
> Waking up in 0.3 seconds.
> Waking up in 0.6 seconds.
> (0) Sending delayed response
> (0) Sent Access-Reject Id 8 from 192.168.154.96:1812 to 172.18.40.40:32774
> length 20
> Waking up in 3.9 seconds.
> (0) Cleaning up request packet ID 8 with timestamp +272
>
> Could you please help in rectifying missing authorization config for radius
> server..?
>
> ----
>
> *Thanks & Kind Regards,*
> Saurabh LAHOTI.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
More information about the Freeradius-Users
mailing list